I never got spam on my domain email until a few weeks ago, and I've been running it for 14 years I think. Alas, where it's hosted doesn't have great spam filtering options (Apache SpamAssassin via cPanel).
As a true IT pro - my password "sanitation" is awful. I re-use a subset of passwords across a number of sites, and rarely change them. I do now use iCloud "suggested passwords" for sites I don't give a monkeys about. For most sites I visit regularly (e.g., on here) I have easy to remember and "weak" passwords. For more important sites, they're strong passwords, and I use 2 factor authentication whenever possible.
My wife is better than me, she does a cleaning of all passwords once every 6 months. Annoying for the shared stuff such as Spotify, but she is more "exposed" than I am - she has gmail, on all kinds of social media etc, and has had her gmail hacked at least once.
+1 for a bit of paper with passwords. Always always always have a "hard backup" for important stuff somewhere.
I had a very small "eGold" account many years back. They got taken down as some "bad people" were using the service, and I more or less assumed the dosh was a goner.
I got a letter some years later saying I had to prove I was the owner of the account from the FBI. It meant "proving" I was the owner of the account by logging in, otherwise the (not very much) eGold would be confiscated.
In the interim I'd ditched Windows as my main OS at home, and went to Mac. I'd also moved apartments and countries a few times. The soft copies of my old Windows profiles all got corrupted in one way or another (CDRW - what a joke! 2 hard disks also failed to spin up etc).
I did have a bit of paper with all my logins. My login for eGold was there.
Even better - the price of gold had more than doubled in that time.