@yaelwrites I think the most important point for the open letter under recommendations, is not to re-use passwords for different sites. It's kind of mentioned indirectly with the password manager, but I see this re-use as the most problematic issue among end-users. And also to keep your email account extremely secure. I've seen people asking "Which password do I need to enter on this official Apple site? My email password?"
Good initiative!

@yaelwrites good stuff, but I'm surprised about the QR suggestion; I've heard a lot about stickers covering legit codes that can collect payments or even set up credit card theft. Quishing (QR phishing) is a larger threat, mostly coming from email and social media.

I'm also surprised that ad blockers aren't suggested, as they're good defense against malvertising and surveillance overreach. This brings me to the question of who the enemy is: stopping hackers is one thing, but some of us consider corporations and governments to be invasive or even dangerous, depending on where you are. In these scenarios, ad blockers, VPNs (from trusted providers), and airplane mode (especially at protests) can be godsends.

For tried and tested cybersecurity tips tailored for your concerns and devices, you can of course always check out SecurityPlanner.org and some of the other resources on the Hacklore site.