Phishing: Don't answer at all
Basically, passwords have no place on the hard disk. They should also be complicated and contain a number of special characters. Words such as 'I', 'boss' or the name of your dear wife are virtually an invitation to phishing.
In phishing, an unauthorized and anonymous source attempts to 'tap' such and other data. Often via fake e-mails that look deceptively similar to the corporate design of your bank, for example. You are asked to enter your secret log data in a form. An anonymous person, perhaps from Timbuktu, Caracas or Sverdlovsk, is then happy to gain barrier-free access to your account and plunge your account balance deep into the red.
So the big rule is: banks - and other service providers - would never ask for your personal data by e-mail. Any email that asks you to do this is therefore a phishing attempt. The same applies to emails from African potentates' daughters who 'quite by chance' have discovered ten million US dollars in a hidden account, which is why they would like you to temporarily store this black money in your account in exchange for a share of the profits.
The word 'phishing' is a nerd term. Nerds, on the other hand, are those bespectacled figures who are supposed to sit in front of their monitors day and night, munching on pizza and popcorn. The word is made up of 'fishing' and a hint of hacker slang, where every word beginning with an f is notoriously adorned with a ph: Full phat, ej ...!