I don't care that you have a strong password. I care that you have a non-trivial but unique password and MFA enabled (even SMS) for each service you use. It's easy for everyone and, for many situations, it's sufficient.
You probably want to do better if:
- you have access to important (admin privileges) or sensitive information (or crypto): hardware token or passkeys for you
- you're encrypting data at rest, like a USB drive: No MFA here, and brute-force is fast and unlimited, so pick a very long sentence that you can and will remember but others can't easily guess even if they try.
And like IPv6 didn't kill IPv4, Passkeys won't kill passwords. They are here to stay. 😅