MenHerr Blog

The 20-minute password reset weekend

By the MenHerr Research Team · Salinas, California

If you do exactly one security project this year, make it this one. It takes about 20 minutes per family member, costs nothing, and removes the single largest source of account compromise.

Step 1 — Pick a password manager

Any reputable one will do. The MenHerr Family plan includes one; Bitwarden, 1Password and Apple's iCloud Keychain are all fine. The point is not which tool you pick; the point is to have one.

Step 2 — Reset the five accounts that matter most

In this order: your primary email, your password manager, your bank, your phone carrier, your government / IRS account. These five, if compromised, give an attacker the keys to almost everything else.

Step 3 — Turn on two-factor authentication on those five accounts

Use an authenticator app rather than SMS where possible. Save the recovery codes inside your password manager.

Step 4 — Use a different password for every site, going forward

You do not need to reset all your other passwords today. Just commit to never re-using a password again. The next time a site says "incorrect password", reset it to a generated one and let the manager save it.

That is the whole project. Done well, it takes a Saturday morning and prevents the most common attack on the internet.
