Should you? For all of your main, sensitive and/or important accounts and services, yes. For the others, also yes if you feel like.
If you store your passwords in a manager with an account system and cloud like BitWarden, use a mail that’s not obvious. Treat username/mail like an additional password. If I were using email@example.com, I’m basically asking to be bruteforced in; if they have my password (key) but don’t know which of the many doors in the world it can open, I’m still quite safe.
For password strength, you don’t need to risk leaking it to check its security. Most password managers can generate passphrases and passwords, and check their strength for you.
Reminder that long passwords are better than gibberish of various character combos.
pueblo-motivate-till-luridness (1 nonillion years) or Although-Virus9-Issue-Lunchbox (3 hundred undecillion years) are stronger than $M2#MYM%u*55WvFt (1 trillion years) and infinitely easier and faster to type and remember without losing your mind.
Quite better than your 34 thousand years passwords, aren’t they?
Also, your account is only as strong as its weakest link. If the weak link is the server it’s hosted in… https://haveibeenpwned.com/ You can’t do much aside from making sure the password you used was unique (meaning no other account shared it for hackers to try recycling and hitting more of your stuff).
Strong passwords only help from the user side, not the server side (so long as they don’t store them in plain text or some dumb encryption method). All passwords hashed in MD5, SHA-1 or other main methods aren’t affected by complexity and length of the original passwords. Strong passwords are harder to crack than weak passwords without access to the server (guessing, bruteforce, etc).
So we come to 2 Factor / Multi-Factor Authentication. These systems greatly help with security in almost all situations (even on some server side situations, depending on how it’s implemented) because as you already know, it requires an additional check of your identity through a temporary extra password that is generated each time there’s a new login request.
Do mind that 2FA doesn’t protect from everything: phishing, man/machine in the middle attacks, malware, many of those are nowadays designed with 2FA in mind.
Also, SMS and email are the worst for 2FA. Try to avoid those.