"Use strong (as in long and/or randomised and impossible to break using
rainbow table attacks) password"
Again, since it's just me, this is doable. But I'm looking for something practical as well.
I'm getting the feeling that people don't have an MFA implementation.
"if the users are sufficiently disciplined"
As a sysadmin, I can tell you they genuinely are not and they likely never will be.
Hope for the best, plan for the worst.
I also want to clarify that I'm not rejecting any of these suggestions; they're all good.