Regarding MFA, this makes your account an order of magnitude more secure, but be vigilant that someone doesn't use social engineering to do a man-in-the-middle attack.
For example, last year I got an unexpected Google verification code sent to me via text message. I know the text message itself was legitimately from Google, because it was contained in a message thread along with other other messages that I received in the past when logging in with a new device or changing my password.
A few minutes later, I get a text message from a stranger asking if I was the guy selling a specific item on Craigslist. In fact, I was selling the item in question, and I had listed my email as contact - but not my phone number. The guy then replies back and asks me to please send him the verification code I must have received from Google - so he could verify my identity before sending payment or so he claimed. I replied back that I never received any code from Google - so could he please request it again. He replies back and accuses me of trying to scam him.
So, I replied back asking him to please call me directly at an alternate phone number - so we could discuss the matter. The phone number I sent him was actually for the cyber crime tip line of my city's police department. 🙂
I never heard back after that. There is no telling what information he had to attempt this hack, or how many people may have fallen for it. After thinking about it, I realized that this guy may have already known my Google email and password, and was attempting to get past the new device activation feature. So, I reset my password at that point.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho