If you have no safe means to store your passwords, it is better to use strong passwords that you can remember easily. For example, a password with random phrases - "Banana Slippery Slope". Using a strong password and writing down on a sticky note is as risky as using a very poor password.
Phishing is a method in which an attacker creates a fake web page that looks exactly like that of Facebook,Google Sign In etc. The emails are not always suspicious looking and it usually will tell you to download a file from Google Drive or view a page. If you didn't notice the fake URL or the webpage and entered your passwords, you have given them access to your accounts. This can go unnoticed if the malicious party does not reset your password and everything seems normal.
Chances are good that you might be using the same password across different online services. If one of your account is compromised, you risk losing many other accounts. Therefore, its always advisable to use a different password for each service, especially a strong one for your main email account with which the other accounts are registered.