Think about what multi-factor provides and what does it not provide?
Read through the options https://www.lastpass.com/multifactor-authentication and see what the different varieties are.
Check out this site to see all the things you can put multi-factor on. https://twofactorauth.org/
Read about how physical key devices work. https://web.archive.org/web/20180422212245/https://www.yubico.com/why-yubico/how-yubikey-works/. I used to have them, I don't anymore. Too inconvenient.
Read about Google's Advanced Protection. It is the best you can get right now but you probably don't need it. For the record, I don't use it. Too inconvenient.
A brief note: Cell phone text messages aka SMS are commonly used for multifactor auth. These are not great, because a) someone can steal your phone number and get the texts sent to them b) intercept of text messages
However, those things are not in your threat model unless you are famous or have cryptocurrency wallets.
Another note: Just because you have multi-factor doesn't mean you can't get phished for it!