Smart grid is considered to be the next generation power system. Integrating information and communication technology, power electronics, and power system technologies, smart grid reduces excess power generation by better matching power generation with customer demands, and facilitates renewable power generation by closely monitoring renewable energy source status. Such a large-scale network may be subject to various attacks. In particular, authentication and user privacy preservation are considered two major security concerns. In this article, we first highlight the importance of smart grid security. Next we introduce a new power request paradigm in which a customer is allowed to submit a power usage plan in advance. We then propose a secure and privacy-preserving power request scheme as a solution to this problem. To achieve the privacy-preserving property, our scheme employs two cryptographic techniques: anonymous credential and blind signature. We conclude this article by discussing the security and performance issues of our proposed scheme.