At first glance I thought that the paper was doing harm by dismissing user security as simply not worth attempting, but that is not the point. The point is that the advice provided to users is often hysterical and out of touch with the real world. This is something I have believed for a long time. So rather than just say,
"yes, that is right, we are screwed", I want to offer up the advice (and mandates) that my own employees and family get when dealing with the security aspects of online security. Here are my Rules of the Road if you will.
Those are the highlights. I don't try to make users security experts, but I seek to help them exercise some best practices. I am thinking of making this into a presentation for user groups and expanding it out with examples and much more detail.