We all use what works best for us. My written record is a backup in case I lose the OS for any reason, I have backups of my password file itself, but the paper one is the definitive, as it were. No I never refer to it except to add or change passwords. The paper record is kept in a secure place under lock and key.
I use a password manager application. The application is password protected itself so I must remember that to open the application. Then I can just copy/paste as need be.Since it's an application it has its own folders. No, I don't label anything "Passwords" or "My Passwords". Prying eyes?
However, for services like email, I always use the 'remember my password' option, otherwise I would be logging in countless times during the day. I do the same for CNET, where little trouble can be caused other than nuisance value.
I would offer the password manager software but it is no longer available. Not a problem for me as the application is stand-alone, it doesn't connect to the internet, (my firewall ensures that as well), and it still works.
I'm not sure Yahoo Mail can be blamed here. Once your email account had been hacked, (and we're not even sure that's the case), then the contacts list was out in the wild and there was nothing Yahoo could do about that. However, perhaps I read your post wrong and you're not blaming Yahoo, but simply saying that you will close the Yahoo account. If so then it's a good idea because you can then email your contacts and tell them to ignore as spam any emails from that account.
It may not stop spam emails from being sent though. It goes like this;
I'm a spammer! (I'm not, just imagining). I have, somehow, got a lot of your contacts list. I will use that to send emails to them spoofed so that it looks like they came from you. I will send millions of emails a day, not just spoofed from you but with any number of real and fake 'sender email addresses'. They will be sent, not just to your contacts list, but to millions of other email addresses.
I use a computer algorithm to generate recipient email addresses. Why? Because so many of us use John123@isp.com, (where isp.com are known email servers). What I mean is, none of us use completely random email account names, and so guesses are as likely to work as not.
I don't care if the majority of those emails I send fail to get results. Many will fail because the senders don't exist. Many will fail because the email providers intercept them. Many will fail because the recipient has their own Junk or Spam mail controls that simply delete the emails without them being opened or previewed.
But out of those millions, some will get through and will be either previewed or opened fully. I don't mind which as a preview is just as good as opened. Most of those will then be deleted, but I only need a few where the recipient reads the email and decides to take advantage of whatever I am advertising.
That's all I need, just a small %age of those millions to succeed for my business to be profitable.
Why don't I care if an email is just previewed? Well, I'm clever. In my email I have included an image which I have stored on my web server. When the email is opened, either preview or fully opened, the email software sends a request to the web server to download the image so it can be displayed in the email. Since the web server needs an IP address to send the image, I can use that to correlate with the millions of emails I sent to find which one was successful. I note that email address so I can send even more spam to it.
I am no longer the imaginary spammer.
You can see how difficult this is. Once they have our email address from any source, it is very difficult to stop them using it. Anyone who contacts the spammer requesting to 'unsubscribe' or demanded to be removed from the list is just proof that the email address is genuine. They don't care.
All we can hope for is that a period of no response to their spam and they will do a 'cleanup' exercise eventually to remove useless addresses.
One other point. It may not have been your contacts list that was hacked. Think of this. Do you send emails to multiple recipients at the same time? If so, what if you included some other email contact who has already been hacked? The CC email information could then be passed on to the spammer.
Do you open "Round Robin" emails and then send them on to all your friends and relatives? What if one of those round robin emails was from a spammer?
It gets more complicated doesn't it.