Respectfully, putting a password on a PC is 100% pointless in this case; it's security through absurdity in this type of situation. The best security is a clean system: once compromised, reset the PC fully (format the hard drives) and start from scratch, hoping there are no BIOS infections. To skip all the reset: damage is done at the instant of infection, and removing a virus/malware will not often revert the damage it causes; they typically try to compromise the system for easier infection down the road, and most software will not fix this once the infection has occurred. Two-factor keys are handy, and they do work, but they are not perfect; I believe folks have been able to clone them before. They are mostly intended for "absolute security", and if they can be cloned there is nothing absolute about them; beyond pointless, as they have failed to do the job they were intended for.
Not wanting to start a long debate or argument about it, really not, but at the end of the day, if the device can be compromised, its functional goal has been defeated. As for password managers, they have had a lot of exploits in the past and will continue to do so in the future; their biggest design flaw is letting you open them. The moment they are loaded into memory (once the master password has been entered), anything can read them in RAM as plain text. Any malware can do this and it has been a common problem, but sadly there really isn't a good workaround for this, as it needs to be in memory to send the password/information to a form/login. With a 2FA key this is helped a lot and can prevent most compromises, but really that is only a solution on your end; you still have to rely heavily on the websites and programs not to be stupid and reset the password over phone (once again, has happened). Generally, security is only as strong as the weakest link.
As for signing in to Windows, a password there is completely pointless: you can clone the account and once you have the password to the clone can be removed through software (available by Microsoft), so anyone with knowledge of software and security will already know this (typically the ones to target users). If you want to put a password on a system, the best would be to encrypt the boot drive; they really can't get around that unless the encryption algorithm ends up compromised (kinda like SHA1 has recently). Many folks like to password protect the BIOS, but this can be easily removed in many cases by jumping pins to clear the CMOS or removing the battery from the motherboard and waiting 10 or so mins.
Security is really a myth: no system is perfect, every program has some flaw; if it's not one thing it's something else, never ends really. The best advice would be to make your information time-consuming to access, as no security is perfect, but generally folks go after weak targets, so if you can annoy them enough you really don't have to worry all that much. Regardless of whatever system you put in place, there is always a workaround to bypass this; you could have a password on your BIOS, hard drive, Windows, etc., just excellent security, and it can still be bypassed fairly easily via something like Intel's Management Engine. If this is compromised, nothing you do can prevent it or mitigate it, no way to detect it, can be used to access information on your PC while off, etc. I'm sure you get the point.
Nothing is perfect, nothing will ever be perfect, and trying to achieve perfect will just ruin your day-to-day "quality of life" experience with the device.