I have some questions about security of my various accounts:
1. What are your online accounts security best practices guidelines?
2. How often do you update your password?
3. Are all your accounts have the same password or different or differential?
4. Do you let your browser retain / save your passwords?
5. How long should a password be? Are 8-character passwords still OK?
6. Do you write your passwords on paper? If so, how do you secure that paper?
7. Is 2-factor / multi-factor authentication an absolute must or can I skip that option for accounts that allow me to skip?
Eight character passwords are not okay. Any password that a human can generate on their own, and can remember on their own, is simple enough that it can probably be easily guessed by attackers. Use a good password manager and keep the passwords randomly generated, and as long as the remote system will allow. Protect the password to the password manager with good 2FA, like a hardware token.
As for 2FA, do not use SMS. IMO, that makes things weaker than not having 2FA at all. Use a hardware token instead. Yubikey makes some nice ones, but they’re not the only solution on the market. Do your homework.
Individual passwords for sites should also be protected by 2FA with a hardware token, where that is available. Of course, you’ll need to have a backup hardware token, and a solution for use in emergencies when the hardware tokens are not available at all. Work this out in advance, before you need it.
And practice your backups. Like it or not, when the time comes, you will operate as you have practiced, and if you haven’t practiced, then you won’t operate very well.