Same way I do at work. Different accounts and passwords for each service internally. Any service exposed to the net (game and email servers mostly) is on a segregated network and each machine has unique credentials to help prevent lateral movement. Self hosted Bitwarden tracks it all.
I do it for the same reason I require outbound firewall rules for almost everything on my home network - I’m a masochist.
9 hours later…. 0 downvotes 😂