What I prefer is to keep changing your password every 1 or 2 months, because I have seen some cases of my friends who used the same password on other websites and their DB got leaked, then their passwords were open source and they didn't even know about it till I made a search on his email on Google.
The answer to that is simple: don't re-use passwords. I find people are more likely to lose access to their accounts if they change passwords frequently, as people tend to forget them and are screwed if they lose access to their computer. Have a fairly strong password, don't re-use it, and make sure you have it safely written down somewhere, and you should be good.
Yes, this is what I was doing in the past: saving the password in text and storing it on a locked USB drive so no one can access it.
But it was not convenient, so I switched to LastPass and highly recommend that everyone use it.
It will save your password in the database and even they cannot access it.
What if we lose our account, can we report it to the admin? With accurate proof, then they try to restore our account.