What is two-factor authentication (2FA) and why do you need it?
Two-factor authentication adds a second lock to your account: besides your password, a code from your phone or a confirmation in an app. Even if your password leaks, an attacker still cannot get in. Enable it at minimum on your email, bank, and password manager.
Passwords leak through data breaches, phishing, or shoulder surfing. Two-factor authentication covers that case by demanding something an attacker does not have: a code that changes every thirty seconds, a prompt on your phone, or a physical key. The effort for you is seconds; the barrier for an attacker becomes nearly insurmountable.
Not all 2FA is equal. Codes via SMS are better than nothing but can be intercepted. App-based codes (TOTP) are better, and passkeys or hardware security keys are the strongest. Many password managers can generate those app codes themselves and fill them in right after the password: Bitwarden Premium, Proton Pass Plus, and 1Password have it built in, keeping everything conveniently in one vault.
Start with the accounts that unlock everything else: your email (it resets every other password), your bank, and the password manager itself. And when you set it up, always save the recovery codes; they are your lifeline if your phone goes missing.