I Believe if you activate 2FA on your cryptopia and hitbtc or any website
it gives you 10001% safety
you need to be careful of somethings
1. be careful of phishing sites sent to your email
2. be careful of password reset link sent to your phone via sms
3. be careful who you give your mobile device with
4. be careful whose laptop u use, don't log in your account in a public computer system
5. make sure you log out always, without making a mistake.
There are several ways to pass 2FA. So its better to use different passwords for every site you use.
And for storing these passwords never use a software as you know they were hacked in the past too.
I was wondering about why there is no ledger nano styled password storage device