If you don't use something like LastPass to generate a unique crazy passwords for each platform + plus an authenticator app (sim swap makes text 2fa a no-go) this will happen to you too.
Some folks just don't get it- this isn't 1995 - if you use the same password for multiple sites it's already too late.
Crazy complex passwords that are impossible to remember are an outdated myth that actually harms security.
It actually harms security by making reuse more likely. A Passphrase / sentence is more secure and more likely to be unique.
You simply need to make sure that your password cannot be easily brute forced or dictionary / common pattern attacked and make sure you always use a different password (without a sequential pattern) on each different website.
Where most of the password problems come from is NOT because someone didn't have some stupid crazy enough long password, but because as always some site or company gets hacked because they can't be assed to keep up all the latest security patches. It don't matter how stupid long your password, is at that point the hackers have it in hand.
Then the crooks grab the entire password file, then go on a spree using the same e-mail address / user name / password combination on as many sites as they can to see what works and many times people use the same password for lots of places and they get in. They may also use the passwords and usernames on the site they stole them from as well until the leak is plugged and everything reset.
Sure you can go use LastPass or something to store your passwords, BUT now you are putting ALL your eggs in one basket and hoping that company (how much did you pay them again for the service or is this "free") doesn't slip up... Also now if you want to log into something, you have to hope that company that you stored all your passwords with (how much did you pay them again for the service or are you the product?) is up and running and responding in a timely manner.
That also WON'T protect you if either your computer or the server on the other end is compromised and the crooks can simply read everything out of memory.
The time sync based authentication apps work well and can be used even if the device is offline, however you have to remember to be sure to manually copy the backup key to some safe piece of paper otherwise if your mobile or computing device gets broken, you are going to have a tough time.
(You could also have the same time syncs on multiple devices for authentication purposes if you know how to set that up correctly)
