I work with a bunch of really computer literate smart guys. Advanced degrees from well-respected universities with TLAs for names, program FPGAs, get poached by Wall Street regularly. Literally computer rocket scientists.
Yet it is not uncommon for them to email me saying “Username xxxxx/password yyyyy doesn’t work anymore. Can you reset it?” And most of the time it isn’t a problem with the authentication, it’s something else.
So these brain surgeon computer scientists just sent their username and password in the clear over unsecure, unencrypted email. How do we expect your grandmother, or any J Random User to do better than these guys (and they’re all guys), who should have a pretty good understanding of computer security?
It’s hopeless.