Yep. I keep my passwords in KeePass with a long passphrase, and complex generated passwords for individual sites. Also, 2FA everywhere that has it, using a Yubico physical key, or Authy2 TOTP if key is not supported.
Considering my threat profile (basically a nobody, a very low-value target), I think that's pretty safe. Nobody is going to go specifically after me, but I might get caught in a massive breach that exposes lots of accounts. To stay of top of that, periodically I stop by here: