I'm pretty sure my mom has no issues with Facebook's privacy history.

My mom is a lot more worried about seeing pictures of relatives she doesn't like than about privacy.

Maybe the subset of moms that frequents reddit and HN.

Your average suburban mom out there know nothing of Facebook's tussles with user privacy.

While I tend to agree, they could throw in an RSA fob or a smartphone-based two-factor equivalent.

They probably should already.

I like two-factor authentication too, but casual users don't care about this sort of thing until it's too late.

There's a large and growing number of casual users who've dealt with or watched a friend or family member deal with fraudulent charges.

I think a sufficiently streamlined phone app and pitch could net quite a few. Say, demonstrating the feature by showing someone making an Amazon purchase and then getting a phone notification to approve the charge and approving with a simple PIN entry.[1]

[1] Said notification ideally showing merchant, amount, scan location, warnings if it's a card not present transaction, etc.