It is critical to have 2 factor authentication on your critical accounts online. You may have a strong password but the hackers can still gain access to your account if they managed to hack the servers. They will gain access to the user name and password.
My EA account was hack recently and they gain access to my account without myself realizing it. EA also have a weak protocol to identify the account holder. It was when I read my email that I realize someone was using my account to talk to EA customer service.
I regain control of my account from EA and apply the 2 factor authentication straight away. Every time, you sign in with your user name and password, a sms code will be send to your mobile phone. The account can only be access when this code is enter. This is really a fool proof method as far as till today.
Many website now support 2 factor authentication through mobile phone or hardware token. All banks in Singapore are now using 2 factor authentication. The only person who can break this fool proof plan is your closet family member or friends.