I think setting up a pihole for them is a safe bet since they don't have to do anything. Other than that maybe a password manager with an add-on would be also low on convenience reduction. Or changing their browser to SecBrowser might be a good idea.