Use passkey, webauth, like with Yubikey or similar, this will make you password leak unusable. Of course you must have unique password and use a password manager to generate and enter strong and long password.

All these services support passkey and webauth. It's the only phishing-proof, easy to use, privacy friendly 2FA.