Electronic security is important. Just as we have grown to accept intrusive airport security as part of a valid effort to protect travelers from getting blown up by Islamic fascists and other terrorists, we have also grown to accept passwords, PINs, verification codes, CAPTCHAs, and more in the name of electronic security. In this Internet age, you are more likely than ever to be a victim of credit-ruining identity theft. These inconveniences help to protect you.
Electronic security is also important for the government and businesses. Having worked on Department of Defense web sites, one of which included private (though non-classified) information, I’m well aware of the precautions taken on the systems side. DoD sites have to pass the Defense Information Assurance Certification and Accreditation Process (DIACAP), be compliant with the DoD Public Key Infrastructure, and more. When you combine all of this with web browsers and servers that support SSL encryption and rational user account/access policies, it’s pretty tough for bad guys to get information they shouldn’t have access to.
The problem is that increasing security, at least when it directly inconveniences the user, comes with diminishing returns. Extreme security requirements (like those commonly mandated in government settings) often result in a less secure technological infrastructure.