Ubiquiti USG
Just route your ISP modem into a USG. Use that for the DHCP and use Pi-Hole and cloudflare DoH for all DNS queries.
I discovered you cannot actually switch off the WiFi on a BT Modem!
4 publicly visible posts • joined 28 Oct 2009
To solve the problems of bad passwords, I am surprised no one has suggested checking the passwords users submit against haveibeenpawned. At least then you do not have a password that is out there in the wild (and immediately solves the stupid paswords). Such a plugin to AD would help enormously. It could check off line, if it finds a bad password it locks the account and forces a password reset.
Overall, I think the only way forward is a password manager that provides you with a random password checked against such a database for each site. The password manager enforces a strong password that does n't change. All passwords are regularly checked against the havibeenpawned dictionary to ensure it has not been lost by some organisation.
Something like Bitwarden, which can be self hosted if you think that is more secure, is a great option although it does not give all the functionality I'd like at the moment.
Remember that although FF has 20 odd percent of the total, IE6 still has nearly 25% of the market. These are users with no choice as it is usually big companies and many of these companies are moving to IE7 and not IE8. FF's market share of those users who can make a choice could well be as high as 50%.