I was faced some problems before.
1. I used the same password for all sites. Then the scammers got it and tried to access my gmail , airdrop, and exchanger account, really bad. I changed the password immediately, different password each site.
2. I was stored lots of my data (password, 2fa, private keys, etc) on my phone. Forgot to written it down offline. Then my phone was accidentally hard restarted.
By the way, experience is the best teacher