Blog


Account Security

So everyone has probably read Mat Honan’s story on how several of his accounts were hijacked. While things like that happen every day, the big issue here is that it was done using only publicly available information. We have learned that the security of an Amazon or Apple account is basically nil. There are a number of points which could be handled much better.

  1. No security by obscurity - we all know that it makes no sense for security software, and it makes no sense for a security process either. If there is a manual process to recover your account, it needs to be documented, step by step. Using that information, users can protect themselves much better, and a process so weak that publishing it breaks it has nothing to do with security anyway.
  2. Show relevant information on file - if one visits his Apple ID account page, there is no mention of billing information. Yet it exists and can be used to access the account. Why is that the case? There needs to be one place to view all information associated with the account and one place to remove or edit it.
  3. No password reset with public information - billing addresses, credit card numbers or birthdays provide zero security - they are a small step beyond asking someone for his name. Authentication needs either a shared secret or a unique token. A proper way would be sending something to the billing address or requiring a photo ID. There is still potential for fraud, but it is much more difficult.
  4. Untangle remote wipe and device search - “Find my iPhone” makes sense for almost anybody, but most people don’t need to wipe the photos of their kids from a stolen device. Weak passwords are broken daily, and wiping the target’s device will now be part of the show. Break those two options apart and require additional authentication for wiping a device, or Honan’s story will become a daily tale.
  5. Provide two-factor authentication - our Apple IDs provide access to our data, purchases and money. For Apple developers, they can even be the key to their business, and still they are tied to the secrecy of a couple of characters. There are better ways and they need to be implemented fast.

These five points are only a start and they are not alternatives. Every single one of them needs to happen or we will all be able to relate to Mat Honan sooner rather than later.

Introducing FlattrPod

Flattr is a thing many of us want to use more. Unfortunately, in most situations it's just too damn inconvenient. "But it's just clicking a button in your browser!" some say, but, in reality, we are not living in the browser as much as we did a couple of years ago. We are consuming stuff mobile and that means using apps. This is especially true for podcasts. While they're usually more time consuming to produce and more expensive to host than a blog, flattring them is much more awkward, because Music.app doesn't have a Flattr button built-in.

While I can't give you a button right inside Music.app, I did the best I could: FlattrPod. When launching FlattrPod, you're presented with the artwork of the podcast you're listening to right now and a big Flattr button. Click it and you did something good. Optionally, you can tweet about the specific episode you're listening to, with a proper link. If you're not listening to a podcast or just want to flattr a different one, you can look at a list of all podcasts on your device.

FlattrPod is of course free and is available on the App Store. If you're a designer and want to help out, I would be glad for a nicer icon - feel free to contact me.

Since its release last Tuesday, I have received a couple of requests to support third-party podcast apps. This isn't technically possible, but I'm looking into OPML import or a URL scheme as solutions - though I am not sure they would be convenient enough to be useful. Meanwhile, encourage the devs of your favourite app to use FlattrKit, or use Instacast, which added native Flattr support recently.

The app was also submitted to the Flattr developer challenge.

Here's a short and blurry video of the app in action: