It seems there is no absolute security with this neverending battle. But one can make best use of existing defences. For example, some WWW services use two factor authentication (2FA) when you update an account. The server sends a clear-text SMS message which you enter into your application page. Hackers have tools and tactics to intercept and exploit this procedure.
A hardware security key mitigates this weakness because it has unique encryption codes which can't be modified by software hacks. The key shown is made by Yubico to plug into a standard USB port. When you add this key to your account on Google or Facebook, the service requires you to plug in the key and tap it for login. Then you are good to go.
Keep the key with you as if it were a credit card. If your computer fails or is stolen, you can use the key on another computer. Some phones, such as Google Pixel 4, have a Titan security chip which you can use for account setup. Nobody should use an App or SMS messages for account security. If you have a business which stores private client information, it is more important to use this technology and consult a security specialist.
Yubico Example .. Breaches come to those who wait!
