I get the need for security for any website for financial information, or personal (no not facebook or twitter), but stuff like doctor's office portals. FB and twitter are a no-brainer, don't put personal stuff on there, cause no one gives a damn in the first place
I use long passwords that are total gibberish, generated by a password manager. Some use 2FA measures, some are simple enough, i.e. a code sent to my phone, which is great if I'm on a laptop/desktop, but makes zero sense if I'm on my phone.
Third party, such as Zenkey, requires an app on my phone... PIA, and relates only to a couple of sites. Then there is ID.me, DS Login, Login.gov, and likely many more I have not encountered. Each requiring you set up an account with these authentication services.
Some apps on my phone use my fingerprint, which is great in that's in simple, fast, and likely good security... combined with the fact the fingerprint reader on my Pixel phone is excellent. The wife's fingerprint reader on her Samsung phone, not so much.