RE: I have some questions about password managers and 2FA.....what do you guys think?

in #security, 9 years ago (edited)

The thing about two-step verification is that ultimately any account is only as secure as the mail used to create it. It is therefore of utmost importance that the mail you have used is secured by two-step verification (preferably in a closed loop if possible) as well - if you have an old or perhaps a burner phone it would be ideal to secure your mail using that to keep things completely separated in case your day-to-day phone gets stolen.

In addition to the above it might furthermore be worth looking into masked mails - or at the very least tagged mails. If you use Gmail you can do [yourmail][email protected] and it still reaches the same inbox. Ideally you would want masked mails to ensure complete anonymity, but tagged mails would still add additional security in the sense that the actual tag is required to recover your account.

Now, as for your question on password managers. In my head putting all eggs in the same nest - especially when it comes to something as vital as security - simply does not make sense to me. All it takes is one breach and everything is gone.

If you have trouble remembering passwords, try to create a system for yourself which is sufficiently random to avoid social engineering whilst ensuring decent (25+, more if possible) length. Or, if remembering passwords truly proves a challenge, write them down by hand and keep your notebook safe.

Of course, everything is rendered useless if your computer is insecure so ensuring proper computer security and applying common sense to what you download remains paramount.

Great advice, thank you!