You need to be using two-factor authentication (2FA) for your online accounts that matter.
In the past 2FA was a kind of geeky thing that only the most security-conscious would bother with. Today, it's essential that anyone storing sensitive information online or using online services for anything remotely important employs the use of 2FA.
It's an imperfect security mechanism and there things about it that are inconvenient, but for now it's the best intermediate option for protecting against unauthorized access to your accounts and your information. Using it is much less inconvenient than trying to recover from having someone take your money, abuse your identity, or access your private data.
Assume your carefully chosen, super-secure password will be guessed, stolen, sold or accidentally exposed. Assume that there are people and automated systems who are trying to gain access to your accounts (yes you, a random, low-profile, non-celebrity Internet user!) 24/7/365. Assume that if someone were to gain access to even one small piece of your online life, they could do damage that might consume many, many of your hours and dollars.
Look at the list of sites/services that support 2FA. When it's available, enable it. When it's not, send an email to their representatives and ask when it will be. If you need help getting it set up, ask.
Don't wait. Do it now. Please.