2FA for everything possible my friend. It is the best defense against credentials attack.

Alternatively, I did share (offline) that we could store our private keys in a n encrypted file on our desktop (no doubt for ease of access), but omit some characters and record them on hard-copy or remember by memory.

This is a good way. It is a good balance between security and convenience.

I think at some point I will be buying a hardware wallet. Buying from Ledger or Trezor should be relatively safe I supposed? Then again, I won't be putting all my eggs into one basket. It is best to have a few wallets to spread out the potential damage if one of them is compromised.