FWIW, a security checklist:
1) Use GA 2FA. This solves 90% of security issues.
2) Don't re-use passwords. You can check if one of your passwords was leaked here: haveibeenpwned.com
3) Watch out for phishing emails; when in doubt go to the known URL to submit passwords.
Conversation
For color on why you should use GA/Authy/etc. 2FA instead of SMS 2FA, see this: coindesk.com/another-att-si
Quote Tweet
Replying to @loomdart and @CryptoDonAlt
No gents, having 2fa and unique password doesnt protect you from session hijacking.
Here is what im talking about:
youtu.be/IL-t-2J4X4w
1