I don’t know what this means. Discipline is good, but I think you need to have good tools/primitives in place to help people exercise discipline.
reply(The classic example being passwords: we wouldn’t need MFA is everybody just “got good” and used strong/unique passwords everywhere. But that’s manifestly unrealistic, so instead we use our discipline budget on getting people to use password managers and phishing-resistant MFA.)
Really? You don't know the difference between having a door lock, and using it?
replyMFA is typically enforced by organizations, forcing discipline. Individual usage of MFA is dramatically lower