This is crazy.

In a presentation at Usenix's Enigma 2018 security conference in California, Google software engineer Grzegorz Milka today revealed that, right now, less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also said only about 12 per cent of Americans have a password manager to protect their accounts, according to a 2016 Pew study.
Two-factor authentication (2FA), especially the kind where you use an app authenticator is so awesome you can use a much weaker password than normal, should you wish. (I, however, stick to the 16-digit one created by a deterministic password manager.)
Please, if you haven't already done so, just enable two-step authentication. This means when you or someone else tries to log into your account, they need not only your password but authorization from another device, such as your phone. So, simply stealing your password isn't enough – they need your unlocked phone, or similar, to to get in.
I can't understand people who basically live their lives permanently one step away from being hacked. And for what? A very slightly more convenient life? Mad.

Source: The Register