I survived the inputs.io hack, MtGox and now Coinbase (my loss was less than 10% of my holdings). Here is what I do to secure an account:
I use just a complex password. No app, no 2FA, no nothing.
My email address cannot be hacked using "forgot my password" (even I don't remember that).
Make sure you get into the real site.
Don't use the same username or password for a trusted site and an untrusted site.
Use a different complex password for email and other important accounts.
Passwords may be similar to you but unguessable for a hacker.
Split your btc among different services.