My Steam password is one short weird phrase that I can remember. I haven't changed it since high school, ~15 years ago. Never had any security issues.

The modern landscape is frustrating because that setup actually works. Passwords, from a technical perspective, are actually great and are are bulletproof as long as they don't leak. No 2FA required. The entire issue is data leaks and phishing.