Security education via security features

Let's talk about UX and security - those two may not seem to go hand-in-hand. Some services encourage users to enable additional protection, some have it enabled by default and some have these options hidden deep in the menu. 
I will compare security features available for users in multiple services including telecommunication providers, online banking and cryptocurrency exchanges across Poland, Australia and USA:
- PINs, passwords and authentication in mobile apps 
- fine-grained payment limits for cards and wire transfers 
- 2-factor authentication 
- geolocation security 
- biometric authentication
- process authorisation
How to introduce security features to make users adopt them easily? How to educate users by allowing them to set up additional security mechanisms?