I agree. But after installing Primal on my phone, getting the public and private key to be able to log into the same account in my browser was super easy, just copy/paste into a secure location, copy paste into the browser login, and I was off and running. I think it would have been almost as easy if I wasn't already familiar with public/private keys, it would have just taken a few more minutes of research and a brave step into the unknown to expand my comfort zone. Which is what I did way back in 2017 when I started down this path. Eventually, adoption will come as more people get comfortable with how it works, I really don't think we need to massively adjust how it works if it introduces holes in security.
Believe me, many old people and youngs too doesn't care about these things, they just want to use something in the same way they always did. But I agree that with centralized mode with email and password, the user should have access to nsec to be able to login in other apps to, if they want.