I have two services that my main account has zero admin rights on: gitlab and nextcloud. Both have, potentially, sensitive data owned by others. I’ve put massive passwords and MFA on both of those admin accounts. I figure if someone somehow harvests the session data or passwords and cracks 2fa on my account, that’s the only one that will be affected.
I worked at a computer shop years ago. I didn’t snoop but there was one dude who did. On one occasion he found child porn and the cops were waiting when the dude came to pick up his laptop. I’m not saying it was right by any means, but in that instance it certainly fucked up a predator’s day.