Yes, I use DFA on any major accounts that support it. For me that's my email (Google), because email is such a huge single point of failure in security. If someone gets into your email they can do a password reset for pretty much anything else. And I also use it for my bank, for obvious reasons. I don't use Mint though, so can't comment on that. In general I would say always always always set up DFA for important accounts if it's an option. I'd go so far as to have this ability determine who I use as a bank, etc.
The password manager thing (LastPass/KeePass/1Password) is a separate but related discussion, since this is about online security.
Here's a good place to start:
http://arstechnica.com/information-technology/2013/06/the-secret-to-online-safety-lies-random-characters-and-a-password-manager/
I'll give a quick overview for those unfamiliar.
If you follow online account breaches, the most common thing that happens is this:
1) Unimportant/trivial site A gets hacked and all their usernames and passwords get stolen
2) People use the same password, or a variation of the same password, on all sites
3) Users have their accounts at super-important site B compromised because of #2
Less common, but scenario 2:
1) People suck hard at choosing strong passwords. You are not as clever as you think you are. 'Oh I use my dog's birthday combined with my favorite Ben & Jerry's flavor and the name I wanted to give my son but my wife didn't let me'. Yeah, you and a million other people. Good password crackers know how you think better than you do.
2) A user's account gets hacked directly because of #1
The best solution to this is to use a completely DIFFERENT and RANDOM password at every site. This is obviously impossible to do in your head. This is where password managers come in. You store all your login info in the manager and have it generate a long random password for each site. This solves all problems above, and also improves usability because you don't have to type in your login info anymore. They all have keyboard shortcuts to fill in the login form of whatever site you're on.
Couple concerns/caveats, since your password manager obviously becomes a single point of failure. If someone gets into it, they have access to everything.
1) The password manager has what's called a master password you set, so nothing can be gotten out of it without that. Your master password has to be incredibly strong, but also memorable. Since this is the only password you have to remember, and you only have to type it once per computer session to unlock the program, you can make it a good one. How to do this is a whole other discussion, see Ars article above.
2) The storage of this main password database can be a concern, which others above have brought up. I use 1Password because it's stored locally on my computer. Having your computer hacked and the password file stolen by someone that would know what to do with it (how to crack it) isn't an impossibility, but it's not at all a common attack vector. Some password managers store the database on the software company's central servers, which does increase usability (I can't log into any sites on someone else's computer unless I take my password database with me). There is a risk that their servers will be hacked and the databases stolen. This is where a strong master password protects you. Which path to take is a security vs usability question and each person comes to their own conclusion. Bottom line, either method is leaps and bounds above what you're currently doing if you're not using a password manager, so just choose one.
Ok maybe that was a normal overview, not so much quick.