it's enough to leak your Email password and all your other website passwords will be changed. 

 Not if you use 2FA. 

 2FA doesn't fix using the same factor everywhere else.