Yeah you make great recommendations. I too am a big fan of 1Password. I don't know what I would do without it. You are correct about the 2FA and the phishing attack. They broke into the accounts then enabled the APIs. Very nasty. However, I heard that Binance was able to respond fast enough to keep them from withdrawing from the 31 accounts they created ahead of time that owned the VIA coin that they sold into BTC. Binance was able to replay the transaction and restore the money back to the people that got hacked. I haven't confirmed what I just wrote but I heard this from Crypt0.
You are welcome for the SmartCash. Enjoy