Yes, 2FA through a security key like a YubiKey would be the way to go.
Also, I never use my main krogothmanhattan account from anywhere but a "safe" computer at home that is not used for anything else but banking and safe stuff, period.
A person must never have password autofill saving their passwords, and if any link is presented and the forum asks you to log in again, that is a red flag right there!
Keep your passwords offline at all times, and make them so stupid long and complex that it would take centuries to crack through a brute-force attack.
I keep mine in a special book in a dungeon that I dread to take out as it takes me forever to put in the complex password that sometimes I mistype and end up doing all over again.
All my Gmail accounts I set up to use not only a password but also a Titan key as well. Without those two, no chance to log in.
Just my two satoshi on this, people.
https://www.security.org/how-secure-is-my-password/
https://www.passwordmonster.com/
I used a complex password for my online loaded BTC stamp image in 2017 and till this day it has not been cracked.
http://www.crypto-stamps.com/private3.html
I mean the password is over 50 characters long, so it will take 2 million trillion trillion trillion trillion trillion years to crack according to one website.
Example of a password (&TY(GH&*Bhi87tT&*()T*OBG&*T(&B*&()T^(T&O)T^&*((bihbvir757f%^*^&^R&%DTrsd