My reference was to base security such as regular password changes, required length minimums, complexity, et al. Not additional out-of-pocket expenses such as physical authenticators/dongles etc. unless they are included. Simply put, security measures should not afford anyone the option to make the whole thing trivial. Do I wish we lived in a world where we didn't need passwords, two-factor authentication, PINs, door locks, alarms, etc.? Do I wish I would not have to worry that I left my purse on top of my car while in a crowded parking lot because it would still be there untouched when I returned? Certainly, but there's always going to be jerks that we have to account for and that will never change in the foreseeable future so as a baseline we have to make things as difficult as possible, as a standard, to try and stay ahead.