One more thing... Authentakey
The next elephant in the room to tackle is the broken authentication of username and password. Authentakey: where even how you type the username becomes part of the password. Why can't my password be 1234? I will definitely type it differently to you, and if we record the stats of how you type it, then the password is always changing over time, so any one database breach is useless. What about Authenta-draw, Authenta-click, Authenta-whisper, Authenta-underline, etc.? Access would then be granted by a count of access points (the user chooses which to log in with), depending on the user's level of paranoia and the site's requirements. Plus, have authorised "friends" verify and validate a password reset request, just as if you had to grant access to someone you can't see: you have to get to know them.
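To make the "how you type it" idea concrete, here is an added example (not code from the original post) of keystroke dynamics in Python: per-key dwell times and between-key flight times are turned into a timing template at enrolment, a login sample is scored by its mean scaled distance from that template, and the template is updated after every successful login so it drifts with the user over time. The password itself is still checked against a salted hash first; the timing check rides on top of it. All timings are constructed sample data in milliseconds, and the threshold, standard-deviation floor and update rate are assumptions chosen for illustration, not tuned values.

```python
"""Keystroke-dynamics ("how you type it") as a second check on a password.

Added example, not code from the original post. All timings are constructed
sample data in milliseconds; key names, threshold, stdev floor and update
rate are assumptions chosen for illustration.
"""
import hashlib
import hmac
import os
import statistics
from dataclasses import dataclass
from typing import List, Tuple

# One typing sample: (key, press_time_ms, release_time_ms) per keystroke.
Sample = List[Tuple[str, float, float]]

STD_FLOOR_MS = 10.0   # assumed floor: a few enrolment samples give noisy stdevs
THRESHOLD = 1.5       # assumed accept threshold on the mean |z| distance
ALPHA = 0.2           # assumed learning rate for the rolling template update
PBKDF2_ROUNDS = 100_000


def features(sample: Sample) -> List[float]:
    """Dwell time of each key plus flight time (release -> next press)."""
    dwell = [release - press for _, press, release in sample]
    flight = [sample[i + 1][1] - sample[i][2] for i in range(len(sample) - 1)]
    return dwell + flight


@dataclass
class Template:
    mean: List[float]
    std: List[float]
    count: int


def enroll(samples: List[Sample]) -> Template:
    """Build a timing template (per-feature mean and stdev) from enrolment samples."""
    vectors = [features(s) for s in samples]
    n = len(vectors[0])
    mean = [statistics.mean([v[i] for v in vectors]) for i in range(n)]
    std = [max(statistics.pstdev([v[i] for v in vectors]), STD_FLOOR_MS) for i in range(n)]
    return Template(mean, std, len(vectors))


def score(template: Template, sample: Sample) -> float:
    """Scaled Manhattan distance: mean of |z| over all features (lower is closer)."""
    z = [abs(f - m) / s for f, m, s in zip(features(sample), template.mean, template.std)]
    return sum(z) / len(z)


def adapt(template: Template, sample: Sample) -> Template:
    """Rolling update after a successful login, so the template drifts with the user."""
    new_mean = [(1 - ALPHA) * m + ALPHA * f for m, f in zip(template.mean, features(sample))]
    return Template(new_mean, template.std, template.count + 1)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def login(stored_hash: bytes, salt: bytes, template: Template,
          typed: str, sample: Sample) -> Tuple[bool, float, Template]:
    """Password check first, then the timing check; template adapts only on success."""
    password_ok = hmac.compare_digest(hash_password(typed, salt), stored_hash)
    distance = score(template, sample)
    if password_ok and distance < THRESHOLD:
        return True, distance, adapt(template, sample)
    return False, distance, template


# Constructed data: the owner types "1234" as a quick "12", a pause, then "34".
ENROLMENT = [
    [("1", 0, 80), ("2", 120, 200), ("3", 450, 530), ("4", 580, 660)],
    [("1", 0, 90), ("2", 130, 210), ("3", 470, 550), ("4", 600, 690)],
    [("1", 0, 85), ("2", 125, 200), ("3", 440, 525), ("4", 575, 655)],
]
GENUINE = [("1", 0, 82), ("2", 118, 198), ("3", 455, 535), ("4", 585, 670)]
# Constructed: someone who knows the string but types it evenly and slowly.
IMPOSTOR = [("1", 0, 150), ("2", 300, 450), ("3", 600, 750), ("4", 900, 1050)]


def demo() -> dict:
    """Enrol, accept the owner's sample, then reject the impostor against the drifted template."""
    salt = os.urandom(16)
    stored = hash_password("1234", salt)
    template = enroll(ENROLMENT)
    ok_g, d_g, template2 = login(stored, salt, template, "1234", GENUINE)
    ok_i, d_i, _ = login(stored, salt, template2, "1234", IMPOSTOR)
    return {"genuine": (ok_g, d_g), "impostor": (ok_i, d_i),
            "drifted": template2.mean != template.mean}


if __name__ == "__main__":
    print(demo())
```

The distance measure is the scaled Manhattan distance used in the keystroke-dynamics literature: each feature is compared to the stored mean in units of its own standard deviation, so a long pause between "2" and "3" counts no more than a short hold on "1". Because the template is re-averaged on every accepted login, the stored values a database breach would expose are a moving target, which is the "always changing over time" property the post describes; the trade-off a practitioner must watch is that an accepted impostor sample also moves the template, so the accept threshold and the update rate need to be set from real false-accept and false-reject measurements rather than the illustrative constants above.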