It is your responsibility as a product owner to protect users from their own security worst-practices. This is true everywhere, but it's especially true in software development. For better or worse, many people reuse passwords. It's not a great idea, but they don't deserve to have their lives upended because someone decided that it's their own fault for not being savvier.
If you don't have any friends that can help then you will likely have to pay someone. "Security engineer" is a job after all.
It is your responsibility as a product owner to protect users from their own security worst-practices. This is true everywhere, but it's especially true in software development. For better or worse, many people reuse passwords. It's not a great idea, but they don't deserve to have their lives upended because someone decided that it's their own fault for not being savvier.
If you don't have any friends that can help then you will likely have to pay someone. "Security engineer" is a job after all.