I think one of the issues is that the websites need to strike a balance between those of us who are just plain forgetful, providing fast and convenient services while also providing security. I think there are services that are multiple-authentication that go a bit further that are available as well.

Great point on the delayed withdrawal or the Steemit powerdown. At first a lot of people think this is inconvenient but soon realize that it makes your Steem Wallet much more secure in the event someone attempts to steal your funds.