In school, did you ever do the "give instructions to make a peanut butter and jelly sandwich" activity? I'm guessing not.
I'm willing to bet you could have a video with transcript and pictures of the user's exact home set up and many people still couldn't figure it out. You are dealing with people who still don't understand why you don't have to double click links since they have to double click apps and don't know the difference between Google, the Internet, and Internet Explorer.
People are often stuck with modes of thought and operation from when they were younger, and for many, that was pre-computer. At work, we got a hand written letter asking for support setting up their account because they were having trouble with their email that their daughter set up (despite ample support options on the site).
> I'm willing to bet you could have a video with transcript and pictures of the user's exact home set up and many people still couldn't figure it out.
I think you're giving most people less credit than they deserve in terms of figuring things out. Yes, there are people who are technically illiterate, but they probably still conduct most of their business in a manner similar to the pre-commercial internet days. That is, they either use the bank teller drive-through lanes, ATM, or go inside the bank to do banking business. They may not even try logging into their online account.
But that doesn't mean that the bank shouldn't provide options for the more technically literate users who either already understand the concepts or can pick it up with some step-by-step instructions.
I certainly don't like banks providing half-baked security solutions like easily guessable "security" questions or passwords that can only be up to some relatively short length and highly restricted character-set which can be brute-forced or easily obtained from a plain-text dump of their compromised database.
I don't think most users would have a terrible time. I think most users would not bother with setting up anything fancy, but could if they had ok instructions. But I think there are many who would absolutely flounder. As a technical person, I would like more security for sure.
"Security" questions should be gone. Everything important should be 2FA or have a key fob. I think just about everyone who has a phone and does online banking can understand "input the code we just texted you."
The key fob (or equivalent application on one's phone) is a better option compared to email/SMS based 2FA since the latter is not secure [1] [2]). The latter is still a lot like the half-baked security measures I mentioned in my earlier post.
I still think having certificate/private key imported into my browser as a one-time (or periodic) task more convenient compared to having to use a key fob or soft token from a phone app everytime I have to log in.
I'm willing to bet you could have a video with transcript and pictures of the user's exact home set up and many people still couldn't figure it out. You are dealing with people who still don't understand why you don't have to double click links since they have to double click apps and don't know the difference between Google, the Internet, and Internet Explorer.
People are often stuck with modes of thought and operation from when they were younger, and for many, that was pre-computer. At work, we got a hand written letter asking for support setting up their account because they were having trouble with their email that their daughter set up (despite ample support options on the site).