Get rid of software that doesn't have to be an online service, for one. This cuts 90% of incidents.
Then, all the "common sense" stuff: encourage use of password managers to discourage password re-use, having actual humans providing actual customer support when suspicious activity is flagged, companies educating about safe practices like banks do now (e.g. always call back to a trusted number), spam prevention at the ISP level, SSO authentication, VPN ...
At the very least there must be better ways to do two-factor authentication than what is the standard default.
And to top it all off, on many services, if you can't get all that to work, all you need is your "memorable word". *facepalm*