Having a strong, unique password might not be enough if hackers trick you into giving it away or steal it from your email provider or bank.
That's why for your most sensitive accounts—think your email or banking accounts—you should set up two-factor authentication (or 2FA). This simply means adding a second step to log into your accounts. First, the password. And, second: either a code sent to your cellphone via text message, or created by a special app on your phone. Even better, the second step can be inserting a physical token such as a security key.
Hackers are getting better at phishing 2FA codes or stealing them by taking advantage of flaws in the backbone of cellular networks worldwide, known as SS7. So using security keys is the best way to make phishing practically impossible, and is the most secure way to do two-factor authentication.