As a consultant, I have been given access to a lot of passwords for clients. From corporate bank accounts to production servers at government agencies. So they are very sensitive, and when my contract is up, I delete the password folder for that client. I started doing that with clients, then eventually ended up continuing it to my personal passwords as well.
You talked about not even looking at generated passwords, which is different from client's passwords. That's the part I didn't understand.
Although, honestly, the other part seems more bizarre. Gov't agencies and other clients are just giving you their sensitive passwords, and trusting you to delete them after the project, at your leisure? How is that not terrible security? Revoking a consultant's security needs to be in the hands of the employers.
I'm pretty sure the passwords I'm given are generated. I wouldn't really know as they shared the passwords in a file with me that I never looked at them. I'm sure they cleaned up accounts on their end, but I would rather do some due diligence on my end as well. I don't know their processes and procedures.
But why even know your own passwords, what is the point? If I can double click from my manager and paste it into my password field and never have to worry about knowing anything, I'm much happier and safer.
