Your mail client isn't a company, that's not the same.
You're right that the wording is important, and we do a bad job explaining what passwords actually mean, and how to treat them. A simpler analogy: Don't give your house keys to strangers, McDonald's has no business asking you for your keys to confirm your order.
I don't think users need to understand why, they just need to understand what to do / not to do. I've taught my mother to never give anybody her passwords, not even me, and if anyone asks her for her password to call me. She's mildly annoyed when I'm helping her with something and I tell her to please input her password, but she's gotten used to it.
Did it work? It did. The representatives for a car sharing company were poorly trained and asked her to write her email and her password into a form. She refused, walked out and called me because she was worried that they were trying to get into her bank account. Turns out they wanted her to choose a password for their service, and were just very bad at wording it (and had the terrible idea to have customers hand-write it into a form and let somebody transcribe it into the computer system) and the guys working in the office had only been handed a script, they didn't actually know what information they were supposed to get. I'm certain that they accidentally harvested a good number of valid email/password combinations since it's a leading company that is owned by a major car manufacturer and has a good reputation.
You're right that the wording is important, and we do a bad job explaining what passwords actually mean, and how to treat them. A simpler analogy: Don't give your house keys to strangers, McDonald's has no business asking you for your keys to confirm your order.
I don't think users need to understand why, they just need to understand what to do / not to do. I've taught my mother to never give anybody her passwords, not even me, and if anyone asks her for her password to call me. She's mildly annoyed when I'm helping her with something and I tell her to please input her password, but she's gotten used to it. Did it work? It did. The representatives for a car sharing company were poorly trained and asked her to write her email and her password into a form. She refused, walked out and called me because she was worried that they were trying to get into her bank account. Turns out they wanted her to choose a password for their service, and were just very bad at wording it (and had the terrible idea to have customers hand-write it into a form and let somebody transcribe it into the computer system) and the guys working in the office had only been handed a script, they didn't actually know what information they were supposed to get. I'm certain that they accidentally harvested a good number of valid email/password combinations since it's a leading company that is owned by a major car manufacturer and has a good reputation.