I think it's good to be security-conscious but you shouldn't be paranoid. The most important thing is your password - it should be long (at least 10-12 characters) and impossible to guess. Nowadays serious institutions don't store passwords in their database, they only store hash values, so even if there's a security breach your password should be safe.
I also use a password manager (LastPass). That way I don't have to remember all my long and difficult passwords. I don't use two-factor authentication unless it's required because I don't think anyone's out to get me. In my opinion, a strong password is enough.