Online accounts can be lost without warning, but making that loss less painful is easy.
How much do you depend on the services of big tech companies like Google, Apple, or Microsoft? If one of your accounts was suddenly stolen or an algorithm decided to lock it, how devastating would that be? Big companies tend to have little to no customer support, and sometimes no way to recover lost accounts, leading to many people losing their accounts. Someone managed to steal one of my accounts at one of these companies even though they didn’t have the random 50-character password nor the time-based 2FA, and account recovery is now locked for that account. However, I did already have automatic forwarding of emails set up and luckily still received everything I needed. The attacker told me (alongside an empty threat) that they stole my account by using a password that had not been that account’s password for years. My guess is that they went through the account recovery process using publicy available data about me.
Of course, I’m not saying you shouldn’t have accounts controlled by big companies. Just don’t depend on them too much. If you currently do, you can make small changes over time to improve that. Maybe set up something to back up your emails, photos, etc., and/or switch to a service provider with good customer support. For email and calendars, I’ve heard good things about Proton and am happy with Fastmail*. Gradually changing email services was easier than I expected.
Avoiding putting all your eggs in one basket is worth it even if it’s just for convenience. If a service you depend on heavily announces they will shut down soon or remove features you want, it could take a while for you to switch to a different one. Imagine you had set up a disposable email address (see “email protection services” in Tech literacy) for each of dozens of online accounts, and the disposable addresses were all run by one service. If that service shuts down, it would be very tedious to change the address for all of those accounts. If you split your disposable addresses between disposable address services, you will have far less work to do when you need to change some of them.
“What about password managers?”, you might ask. “Isn’t using one putting all your eggs in one basket?” That’s a good point, but using a good password manager is still almost always more secure than any alternative (by “secure”, I don’t just mean confidentiality and integrity, but also availability). You can make your password vault’s password much stronger since you won’t need to remember so many other passwords, and some password managers let you to set up 2FA for the vault itself. You won’t have to worry about forgetting passwords or mistyping them, or about a fire, flood, or burglary causing loss of written or printed passwords. For people trying to steal your accounts, a good password manager changes their process from finding the weakest link in the chain to having only one link to try to break: the strongest link.