[altharaz]

My recipe is AdBlocks + automated updates enabled + firewall enabled + desktop shortcut for web browser + regular antimalware check.

Regarding phishing, I set them up with a GMail account and their filter is quite good against this.

So far, not anything bad happened, some minor malware were installed through malicious web browser extensions, but no financial damage or identity theft.

[rmetzler]

One thing I would like to add: let them set long passwords [0], different ones for each service and write them down in a dedicated notebook.

[0]: https://xkcd.com/936/

[NationOfJoe]

wouldn't a password manager be better then having them write down/re enter long/complicated passwords?

[altharaz]

From my experience, the password manager is just another issue to solve for this kind of people: it’s another software to use and these users do not like to use software.

As a result, paper is sort of natural for them, and the only way I found to impeach them from writing down their passwords is to make them use passphrases instead of passwords.

They do remember the passphrases they typed in, however the issue is that some websites still refuse passphrases because they are too long :(.

[gsich]

depends on the password style I guess.