Before I start on some examples, a quick note on security on accounts and a reason why I've chosen some of the tools I use:
Multi-Factor Authentication (MFA) is a big deal. Use it.
All accounts that I use that can have a MFA, have one. This is something I have enabled on all systems that can have it. This includes my email, AWS, and GitHub (and therefore CircleCI).
The really important tools (GitHub and AWS) are partially chosen because they support MFA, and you can be sure I use it to protect those accounts!
Personally for MFA controlled accounts, I don't really care too much about what password I use - sure I still use a password manager that dictates a random set of characters that I'll never be able to remember, but I also don't care about password systems as a subset of a MFA controlled account in general as passwords are too easy to brute-force in most cases.
OK, back off I roam into the ether once more...