We still have not heard if the hacked Equifax data was encrypted or not. You would think surely they encrypted it. But if so, why not say so?
They'll get no usable data from hacking my account at any email, forum, or other such site
That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too.
I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.
I am reminded of what the military calls EEFI (pronounced "eefee") for "essential elements of friendly information". It is a part of OPSEC (operations security) and is a series of unclassified information that, when put together, reveals a classified mission or data.
Base supply gets an order for 7 cold weather parkas.
Base transportation gets an order for a shuttle bus to arrive at point A by 0330.
21 MREs (meal ready to eat) are ordered to be ready for pickup.
The armory orders 100lbs of munitions to replace what was checked out.
The Life Support shop is ordered to pack 7 parachutes.
Fuels are told to have a C-130 fueled by 0400.
Individually, those are common, unclassified events that mean little. Put together and you learn 7 people are leaving very early in the morning, likely to jump in to a cold climate area and planning to stay for up to 3 days. The more bits of unclassified information that is learned, the more details about the mission are determined.
Securing passwords is certainly important, but not very effective. With an email address and answers to common security questions, a bad guy can reset a password and change email addresses. That's one reason there is a push to do away with passwords completely. Using an alias is a great idea, but unless you use a different alias at every location, not sure that helps. And it only takes one very close friend to get his or her accounts hacked for your "real identity" ("contact") information to be exposed.
While I am confident my network and none of my computers have been compromised, I am assuming that is not the case with every one of my close friends and families who might have my real identity information stored on their computers.
In the case of Equifax, if you ever co-signed for a loan for one of your kids, your information may be compromised. If someone used you (with your real name, phone number, street address and relationship) as a reference, you might be (probably are) compromised. I fully believe no matter how careful an individual is and has been, that in no way ensures they have not or will not be compromised.