Instead of all their hand-wringing about client security, operators of consumer Web sites should implement support for client certificates, thereby replacing or enhancing the registration process. And instead of waiting for the user to obtain a client certificate, ISPs should just issue one when the user signs up. Client certificates are no less secure than the consumer authentication methods used today. CA (Certificate Authority) and e-business sites should provide incentives for users to obtain stronger certificates as needed.