This day is an unfortunate day for me as I just discovered that my MyEtherWallet account where my ICO tokens are parked has become a victim of phising and almost all of my tokens were withdrawn to another wallet. I think there is nothing anymore I can do about.
MEW is recommending 2FA but I find the procedure beyond my comprehension. We really have to be careful on the sites we are logging at as it can be a subtle phising site that can victimize us. I really regret why I choose to transfer my Ether to MEW...
2FA is the simplest and most effective solution to completely prevent account theft.
The procedure is extremely straight forward, you use a smartphone app that generates temporary codes. What about it don't you comprehend?
Being unaware of 2FA is one thing, literally losing everything because you couldn't comprehend something a 12 year old can do is completely another.
Nothing is 100%. 2FA doesn't prevent a phisher logging on with your credentials, he just has to present you with a fake site, and pass along whatever details you give them in realtime. With Bittrex this is somewhat countered by having to be logged in for 2 minutes before withdrawing (so you have to put in a different 2FA code to what you logged in with, meaning that they cannot initiate a withdrawal), but it doesn't stop a smart phisher from playing the long game, hoping you don't realise you're being phished, and redirecting the funds the next time you're prompted to use 2FA (probably the next time you initiate a deposit or withdrawal yourself, or more riskily they pretend you were logged out and prompt you to login again).