The nine phases of paranoia
Phase 1: You select a password that "only you could know" and use it consistently everywhere.
Phase 2: You start selecting "random" passwords, at first drawing them from your own head and later switching to a tool like pwgen, mostly with enough discipline to use each one at only one site and to record them somewhere safe, like a password-protected spreadsheet.
Phase 3: Disciplined use of a proper password manager (crypto-quality machine-generated passwords, always unique per-site).
Phase 4: Use of two-factor auth, for high-value accounts at first and later for everything possible.
Phase 5: Out of fear of social engineering attacks, even with random passwords and two-factor auth, you start using a unique email address per site (e.g. "random-word@example.com").
Phase 6: You register beware-of-social-engineering-attacks.com and start supplying a random unique email address at that domain per site.
I'm currently at phase 6 (although with a different domain name; keeping it secret for security through obscurity) and wondering what phases 7 and above will be (hopefully they don't involve totally going off the grid).
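Phases 3 and 6 are the two mechanical ones, so here is an added example of what they look like in code: CSPRNG-generated per-site passwords, random-word aliases at your own domain, and a record that refuses to hand the same credential to two sites. This is illustrative code written for this page, not the author's tooling or any password manager's internals. The domain example.com stands in for the author's undisclosed one, the wordlist is a constructed toy (a real setup would use a large list such as EFF's diceware words), and the Vault class is a plain in-memory dict with none of the at-rest encryption a real manager provides.

```python
from __future__ import annotations

import math
import secrets
import string

# Assumed stand-in for the author's (undisclosed) domain.
DOMAIN = "example.com"

# Constructed, deliberately tiny wordlist for the demo; use a large list
# (EFF's diceware lists, for instance) so aliases are not guessable.
WORDS = [
    "anchor", "basalt", "cobalt", "dahlia", "ember", "falcon", "granite",
    "harbor", "ivory", "juniper", "kestrel", "lantern", "meadow", "nimbus",
    "orchid", "pewter", "quartz", "raven", "saffron", "timber",
]

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def gen_password(length: int = 24) -> str:
    """Phase 3: a machine-generated password drawn from the OS CSPRNG.

    `secrets` is used rather than `random` (a Mersenne Twister whose output is
    predictable from a few observed values). Resample until every character
    class is present so that site password policies do not reject the result.
    """
    if length < 4:
        raise ValueError("too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def gen_alias(domain: str = DOMAIN, words: int = 2) -> str:
    """Phase 6: a random-word address at your own domain, e.g. kestrel-timber-9c4e@example.com.

    The words keep it typeable; the hex suffix keeps collisions negligible
    even with a small wordlist.
    """
    local = "-".join(secrets.choice(WORDS) for _ in range(words))
    return f"{local}-{secrets.token_hex(2)}@{domain}"


class Vault:
    """Minimal per-site record enforcing the one-site-only discipline (in memory, unencrypted)."""

    def __init__(self) -> None:
        self.entries: dict[str, dict[str, str]] = {}  # site -> {"alias", "password"}

    def register(self, site: str) -> dict[str, str]:
        """Issue a fresh alias and password for a site; refuse to issue twice."""
        if site in self.entries:
            raise ValueError(f"{site} already has credentials; do not reuse them")
        used_aliases = {e["alias"] for e in self.entries.values()}
        alias = gen_alias()
        while alias in used_aliases:  # astronomically unlikely, but cheap to check
            alias = gen_alias()
        entry = {"alias": alias, "password": gen_password()}
        self.entries[site] = entry
        return entry

    def all_unique(self) -> bool:
        """True if no alias and no password is shared between two sites."""
        aliases = [e["alias"] for e in self.entries.values()]
        passwords = [e["password"] for e in self.entries.values()]
        return len(set(aliases)) == len(aliases) and len(set(passwords)) == len(passwords)

    def site_for_alias(self, alias: str) -> str | None:
        """Reverse lookup: which site did a phishing mail's To: address come from?"""
        for site, e in self.entries.items():
            if e["alias"] == alias:
                return site
        return None


if __name__ == "__main__":
    v = Vault()
    for s in ("bank.example", "shop.example", "forum.example"):
        print(s, v.register(s))
    print("unique:", v.all_unique())
    print("password entropy:", round(entropy_bits(len(ALPHABET), 24), 1), "bits")
```

The reverse lookup is the practical payoff of Phase 6: when a message arrives addressed to one of the aliases, `site_for_alias` tells you which site leaked or sold it, and a mail to a banking alias claiming to be from the shop is a social-engineering attempt on its face. Aliases only help if the catch-all for the domain is in place and the domain itself is not guessable from your name.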