So first, and most importantly, never reuse passwords, no matter how trivial. Eventually any company will screw up or be hacked and your password will be exposed, and then someone can try it on every other site.
Second, use a password manager for every password. I use 1Password, but other options are available. Don’t write passwords on paper, unless that paper is stored in a safe (and then where do you store the combination?). Never write your passwords on a whiteboard! Never speak your passwords aloud!
Third, use a strong password, not 12345. 1Password will offer to generate a three-word password for you. I take that and often modify it, then save.
Fourth, keep your password vault safe: put a good password (not just a number code) on your phone, always lock it, and set it to auto-lock immediately. Put a good password on 1Password, memorize it, and write it NOWHERE.
Fifth, secure your devices. TouchID is a great convenience and a “tinsel lock” to keep semi-honest people from poking around in your phone, but it can be used against your will. When I go out, I turn off TouchID so pigs or other armed criminals can’t force me to unlock my phone, and from there get to my password vault. If it’s on, you can restart the iPhone quickly by holding power and home, and then TouchID is turned off.
On your computer, 1Password should always ask for a password, but it’s also a good idea to lock the screen whenever you’re away from it. On the Mac, open Keychain Access with Spotlight, go to Preferences, and turn on “Show keychain status in menu bar”. Now you can just click the lock in the menu bar, choose Lock Screen, and you’re safe.
So you end up with defense in depth here: A strong unique password on each site. A secure password vault. And a secure device holding that vault. That’s not paranoia, it’s how you secure your data.