Increasing password length and complexity greatly increases protection.
However, adding a second factor makes it vastly more difficult for someone to break in.
What's a "Second Factor"?
A username and password would be considered "single-factor authentication", where someone only needs to authenticate one value (i.e., the password) to enter.
Disclaimer: One could argue that the username is a second factor, since a password alone will generally not grant access to a protected system. Technically, this is true. Realistically, anyone knowledgeable enough to brute force a password probably already has your username, obtained either through social engineering or dark web resources. Still, there are plenty of systems that actually don't require a username, such as wireless networks, PIN-pad entry systems, and websites that remember your username, for example.
So, for this article we consider the username/password to be one single factor.
Full Disclosure: I have 2FA (Two-Factor Authentication) turned on on every single system of mine that supports it - personal and professional.
At first, it may seem like a pain in the butt to always check a code or answer a security question; however it's a much bigger pain in the butt to retroactively deal with identity theft, bank fraud, and public relations fiascos.
Using MFA (Multi-Factor Authentication) whenever available, in combination with long, complex passwords, is the easiest, least intrusive, and most effective way to increase online security and we recommend everyone to complete a short audit of all your accounts to verify that it is turned on.
If you are a business or an individual who would like a bit of assistance with your online security, please contact us at any time.
"Slowing down is sometimes the best way to speed up."
-- Mike Vance