So the whole security control is still in our hands too and is not to be left as a responsibility to wallet issuers; we have to get a strong password that will take 100 years to crack, and then activate some extra security tools like Google Authenticator and many more.
A strong password and 2FA can be applied to exchange-wallets but I wouldn't recommend using an exchange-wallet for more than trading.
The best way of protecting your funds is a hardware-wallet... As an alternative you could isolate your private-key from the internet and sign your transactions offline.
More information:
[Guide] MyEtherWallet Offline Transactions [SECURITY]
If you don't want to use a hardware-wallet or offline transactions you should at least keep your unencrypted private-key (and seed phrase) off your computer and only use the encrypted private-key (=keystore-file)...