If you're wondering if your email password has been compromised in a data breach, haveibeenpwned.com will probably be able to tell you. I have a lot of addresses, and about half of them have been!
Knowing how our data is used once compromised, as well as how it is compromised in the first place, can help in forming a strategy to protect it. The founder of HaveIBeenPwned wrote an extensive and informative article that's not too deep, which also dispels a lot of the FUD.
If you have a website, HaveIBeenPwned has another couple of tricks up its sleeve. As well as being able to check if your domain has had a breach, you can check user passwords against the millions of compromised ones, without disclosing them, via an API they have developed. The free version of the WordFence firewall WordPress Plug-in incorporates this already. A blog article goes into that pretty thoroughly and is worth reading even if you're not using WordPress.
I never liked the idea of a password manager. I have a system to make a unique(ish) password for each site and remember what they all are, but it would be quite easy for an attacker with three or more of my passwords to figure it out. Soon I'll be managing sites with crypto transactions happening, and it's just not good enough, so I'll have to take the plunge.
I don't want to be dependent on any third party, but need to be able to sync my passwords on a number of different systems, and have something secure. I don't really want a database system either. Windows registry taught me that early on.
Pass is a cross-platform manager using an encrypted flat file for each site and password. It has GUIs for all major platforms and plug-ins for most major browsers. It's not as easy to set up as many of the managers, but easy comes at a price: usually dependency on whoever made it easy.
Anyway, I hope someone finds this useful, I'm only just starting out on this but it has to be done, I think. Here's some more stuff:
1.4 Billion Clear Text Credentials Discovered in a Single Database