I fell for a scam email once and had to change my password in a hurry while I was away from home. I have had their phone number in my contacts since then, and I call EVERY time something looks suspicious.
I tried using one of those password generators, but I realized, almost too late, that the "random" passwords were generated by a computer, so there will always be a record of the passwords it gave me in someone else's database. So I came up with my own system for making passwords that no one can connect to me or the things I like.