Just something else to consider - what happens if something goes wrong (with yourself). What if you go missing?

I use Lastpass and have delayed Emergency Access set up. This allows one of my trusted contacts and family members to get access to my password store after a week if I don't respond in that time.

I just set up my partner with Lastpass and showed her how to use it - as she had compromised passwords this is the start, next will be getting her to use 2FA where possible however I'll only suggest this after she is used to the concept of using Lastpass.

If that email contained your wifes current password then ensure that password, or any variant of that password is never used again.

I get these emails almost daily - I'm not at all concerned because I use a password manager but I've also found many emails that don't contain an actual password I've ever used. It is designed to scare you, that password has only been leaked in a breach.

Test your passwords in https://haveibeenpwned.com/Passwords (this is safe) and test your email addresses in https://haveibeenpwned.com/ - it is worth setting up pwned notifications also. Troy Hunt does an excellent job with this site and has done a massive favour to the internet as a whole.

I also recommend LastPass, Dashlane and 1Password for people new to password managers. Keepass and other "self store" password vaults I more recommend to experienced users. There are reasons for using a cloud hosted password vault for reasons above also.

Here is a screenshot of the email:

More information about this scam: https://www.netsafe.org.nz/faketortian-email-scam/