I'm not in IT or related sectors but my son did experience identity theft years back. It wasn't fun. The only password I remember these days is the master password and everything else is randomly generated and changed like clock work every six months. And whenever available we use two step authentication as added precaution. Even that sometimes is circumvented. Just recently our TMO account was target of fraud -- completely TMO's fault and they lost a Samsung Edge 6 plus!

You can understand why some of us get anal about security these days!
Good luck