nostr:npub1llzxpc6c3w92hczu49dsxcfqkp5tl9f5e30urrgf2v8tqnu7pkgsww08cq you could create policy to enforce use of public/private key authentication instead of passwords? Also create a state/EU funded browser that is very careful with how domains are shown (there are other reasons to have a public browser)?

Neither would fix the problem, but they would help. Also just education campaigns in schools and universities?