Just as example, websites like technorati or the blog platform wordpress have integrated openid as a authentification method, allowing you to share your your identity across websites

(and I apologize because in fact I wanted to post this more recent presentation : http://www.identity20.com/media/ETECH_2006/)

Maybe this is the beginning of a solution…

The problem with secured protocols (whether it is FTPS, IMAPS, POPS or even SSL or SFTP) is that it has a heavy load on servers and, as said Peter, it is expensive to deal with it because you’ll have to invest in more powerful servers or to buy many for load balancing…

I was jocking earlier, talking about IPv6 (because it is not used today by individuals), though the idea of authentication could be a first way to deal with clear passwords without using a secure (read “encrypted”) layer.
Ok, the password is sent in a clear way but if you are not who you claims to be, you are rejected.

You can think about solutions like http://openid.net/ (and if you don’t know what it is, you should check this (famous) presentation : http://www.identity20.com/media/OSCON2005/)

Any thoughts?

I have a nasty tendency to use the same user name and password for every service I subscribe or register for. I’m always concerned about the fact that anyone who has access to the ‘back-ends’ (admins, helpdesk people, etc.) of those services might try logging on to other well-known services with that data.

For example: a Wordpress support employee could try and log on to Gmail with the same user name and password I provided in your Wordpress account, and he’d get in just like that. The only way to avoid this is to use different user names and password for each service(or only the ‘critical’ ones), but how could you keep track, if you’re used to registering for all kinds of beta stuff out of interest?

FTP: SFTP (file transfer over SSH) works great if your host allows SSH.

CMS (e.g. Wordpress/Drupal) login: one could consider Javascript hashing?

:p