I use a very simple “hashing” algorithm that I can do mentally. If I want to log into a service, I “hash” its name, and that’s my password.

Every service I use has a different password, and I don’t have to remember any of them. I have no keyvault that can be stolen.

MFA is still an issue. You’ll need your recovery codes to be accessible, but encrypted.