I’ve been using KeePass for several years; it’s free, very logically designed and one can even store documents inside its database. I created a very long, complex main password that involves an odd personally meaningful phrase altered with characters, spaces, and symbols, and have no reason to change it. Then, it generates complex passwords with whatever level of security is needed, for every single site, account I ever access; some I have to update periodically, but KeePass will generate new words with the same criteria as the old one so I don’t have to keep getting refused for using a ‘%’ sign.
Still, my VISA card has been compromised a couple times yearly, and almost certainly the old fashioned way — a living person I gave my info to while ordering from a reliable online business likely just used that info a few days later. Duh. The companies don’t care, they just issue a new card, credit you IF you are a good customer, and off you go again.
Excessive security gives a false sense, but not true sense, of safety. Losing one’s ability to access personal information, accounts and sites is often far worse than the relatively lower risk of being cleaned out by a hacker. Keeping a low profile works, because no hacker can get you if they don’t know you are there; a random machine crash, however, can take months to laboriously reconstruct to gain access to lost materials, if at all, so backing up may be worth more in time than belaboring security measures.