If you're on this comm, you've heard this before. You've probably been putting it off. It's time to stop being lazy and just do it.
Pick one. There's Lastpass, KeepassXC, Dashlane, and Bitwarden.
Lastpass, Dashlane and Bitwarden all keep your passwords online, and allow you to easily login to sites with autofill. KeepassXC is the most secure option, and keeps your passwords locally on your device so they aren't stored anywhere else. I don't recommend KeepassXC unless you're really paranoid or need extreme levels of security, since the usability of having to sync your passwords manually is a hassle that's just not worth it for most people. Those first 3 are good, secure options. Take a look, and then pick one. Your password for your password manager needs to be unique, used nowhere else, and LONG. These are all non-negotiable requirements.
AND THEN ENABLE MFA (MULTI-FACTOR AUTHENTICATION]
This makes you need both your password and a second token, like a one-time code on your phone, to login. It's mandatory. Any important accounts that you have NEED to have MFA enabled.
Cool, now it's setup. Put in all the passwords that you remember, add the extension to your browser, and let sites accumulate in the password manager for a while. Then, go and change all the accumulated passwords to long, random strings generated by your password manager. None of your accounts should use any of your old, long reused passwords. None. It's very likely that they're compromised, and they shouldn't be considered secure.
I just setup 2fa with lastpass but now I'm paranoid about losing my phone. I've never lost/broken a phone in like 12 years of pocket glass usage so I'm due for an unfortunate event.
That's not how probability works.
If you've gone 12 years without breaking it, that probably means there's less than a 1/12 chance of breaking it in any given year. This figure is a bit of a simplification of the math but it's pretty close.
There’s usually backup codes that you can put somewhere in the case of you losing your phone. I highly recommend setting that up and putting them somewhere safe and difficult to access, since you shouldn’t ever need to use them.