by MTemer 3677 days ago
I always use huge passwords. Do you think using an easier-to-remember ~10-digit password will be secure enough if I use 2FA?

Or is there another attack vector that I'm not aware of?

I imagine if somebody steals my password I would get notified (Gmail) and could easily switch to a new one, no damage done.

1 comments

I think a good password manager + 2FA will be adequate. Make the password manager password long but memorable, and then make the passwords you generate crazy long, like 24 characters or more. That, and 2FA all the things.
But if you're using accounts on "public" computers (like in the office), aren't you trading an unlikely brute force for a single point of failure: your password manager, which is also in the cloud? Unless you also use 2FA on the password manager and there's no way for a compromised OS to copy your entire (unlocked) password manager DB. Oh god, I went too far.
Most password managers encrypt your contents one-way and don't offer a forgot-password feature. Not all are in the cloud (1Password, KeePass, etc.), though they can be cloudified via sync (for instance, via Dropbox or iCloud). Some support the YubiKey for authentication.
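The arithmetic behind the original question (10 digits + 2FA) and behind the first comment's advice to generate 24+ character passwords, as an added example that is not code from the thread or from any of its posters. It compares the keyspace of each candidate password against the path 2FA protects (the rate-limited online login) and the path it does not (offline cracking of a leaked password hash, or of a copied vault file protected only by its master password). The guess rates, the KDF iteration count and the salt are assumptions chosen for illustration, not measurements.

```python
"""Keyspace arithmetic behind the "10-digit password + 2FA" question.

Added example, not code from the HN thread. The guess rates and the KDF
iteration count are illustrative assumptions, not measurements.
"""
import hashlib
import math
import secrets
import string

DIGITS = string.digits                          # 10 symbols
ALNUM = string.ascii_letters + string.digits    # 62 symbols
PRINTABLE = ALNUM + string.punctuation          # 94 symbols

# Assumed attacker guess rates (assumptions for illustration):
ONLINE_RATE = 10.0          # guesses/s against a rate-limited login form; 2FA sits on this path
OFFLINE_FAST_HASH = 1e10    # guesses/s against a leaked fast, unsalted hash on a GPU rig
KDF_ITERATIONS = 600_000    # PBKDF2-HMAC-SHA256 rounds, the kind of slow KDF a vault uses


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password of `length` symbols from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def average_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time for exhaustive search: on average half the keyspace is tried."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def kdf_rate(fast_rate: float, iterations: int) -> float:
    """Guess rate when every guess costs `iterations` hash evaluations instead of one."""
    return fast_rate / iterations


def generate_password(length: int = 24, alphabet: str = PRINTABLE) -> str:
    """CSPRNG-generated password, as a manager would produce (the 24+ chars suggested above)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_vault_key(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Vault key from the master password via a slow KDF (stdlib PBKDF2; a memory-hard KDF is preferable)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def human(seconds: float) -> str:
    """Rough human-readable duration."""
    year = 365.25 * 24 * 3600
    if seconds < 60:
        return f"{seconds:.2g} s"
    if seconds < year:
        return f"{seconds / 3600:.2g} h"
    return f"{seconds / year:.2g} years"


def scenarios() -> list:
    """Compare the thread's candidate passwords against the three attack paths."""
    rows = []
    for label, alphabet, length in (
        ("10 digits", DIGITS, 10),
        ("10 alphanumerics", ALNUM, 10),
        ("24 printable (manager-generated)", PRINTABLE, 24),
    ):
        bits = entropy_bits(len(alphabet), length)
        rows.append({
            "password": label,
            "bits": bits,
            # Online guessing is what 2FA and the provider's rate limit stop.
            "online_rate_limited": average_crack_seconds(bits, ONLINE_RATE),
            # A leaked hash is cracked without ever talking to the server, so 2FA never runs.
            "offline_fast_hash": average_crack_seconds(bits, OFFLINE_FAST_HASH),
            # A copied vault file: same offline path, but each guess pays the KDF cost.
            "offline_slow_kdf": average_crack_seconds(bits, kdf_rate(OFFLINE_FAST_HASH, KDF_ITERATIONS)),
        })
    return rows


if __name__ == "__main__":
    for row in scenarios():
        print(f"{row['password']:<34} {row['bits']:6.1f} bits  "
              f"online {human(row['online_rate_limited']):>12}  "
              f"leaked fast hash {human(row['offline_fast_hash']):>12}  "
              f"copied vault (KDF) {human(row['offline_slow_kdf']):>12}")
    pw = generate_password()
    print("example manager password:", pw, f"({entropy_bits(len(PRINTABLE), len(pw)):.0f} bits)")
    # Constructed salt, for demonstration only.
    print("vault key:", derive_vault_key("correct horse battery staple", b"constructed-salt").hex())
```

Under these assumptions a 10-digit password holds up on the online path (the only path 2FA is involved in) but falls in about half a second to a leaked fast hash and in a few days even when every guess costs a 600,000-round KDF, which is why the first comment's long master password matters more than the per-site passwords the manager generates.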