2FA with some rescue codes printed and kept in your wallet / safe box seems like a reasonably bulletproof setup (hi GitHub!), but not every important site offers this.
Yes, that's decent. I also like services that allow you to register multiple 2FA devices for an account, e.g. my backup phone not only serves as my backup phone, but also as my backup 2FA device. I believe Rackspace allows this.
Unless you're a victim of a targeted attack, and the perpetrators know your accounts and go to immediately hijack them, it's a non-issue. You just generate and print new rescue codes, and the old codes become invalid.