I believe you are mixing up some things.
The sandbox user is on your computer. It is a Windows user. You are on Windows, are you not? You realize you can have an admin user, a regular user and a regular user with admin privileges? Regular users cannot access data from other users. That is all there is to it.
2FA is just the concept of having two separate tokens. One is the password. Another one can be a phone, email, a special device, whatever. The method used on itch is "TOTP" and you need a TOTP app for that. Print out the one-time codes, should you decide to use it.
Regarding what is "enough": running games not with your main account is just a very effective method to gain much security for a little bit of effort. Especially on itch, since sadly many people abuse this platform.