I agree with you, because most of those who get hacked are hacked because their password is too easy, so it is easy to hack and easily master their account.
Maybe I'll add #3 to your suggestion: it's not easy to click incoming links via email messages or bitcointalk accounts; learn carefully, because most are hacked through PM.
My account got hacked even though I have a strong password on both my email and btctalk accounts; I still don't know how the hacker could change my email address and my password.