Someone should tell them. Users must become more educated about the forces that operate in computing if they are going to be able to continue to use computers with any reasonable level of reliability or security.
I understand that, but at the same time no system will be successful if it relies on what developers ought to do, especially with the kind of coders that pass for "professional" in our industry.
This is going to be an ongoing problem until someone makes it extremely easy for either one side or the other to implement it correctly. With so many divergent development technologies, I reckon it will be much easier to achieve this kind of safety on the client side than the developer side -- LastPass et al. are good steps.
There has to be a compromise somewhere. Users will have to accept one day that if they don't want important digital data stolen, they are going to have to personally become serious about password security, unless someone finds magic "fix every computer system's password storage methodology" dust somewhere. In the meantime, a user is welcome to be reckless and he can see which method he prefers.