
Instead of responding to breaches, I would recommend an annual (more frequent is better, obviously, but I think annual is fine) cycle of rotating passwords. Just pick a day and spend it replacing passwords. As a side effect, you get a mental update on exactly what identities you're managing and whether or not you want to modify or close them.

This should be fairly straightforward even for non-technical people, if they've got a grasp on actually using the password manager itself. The hard part is (1) getting the list of identities, which isn't too hard if you're hand-holding, and (2) actually remembering to do it. (Which is why annual is nice. You can peg it to a holiday you already celebrate, or substitute it for one you don't. Halloween, for instance, because breaches are scary? Or something.)

Bonus: if a breach happens that actually feels scary, just do the rotation ritual ahead of time. Not that big of a deal.


