1) Do not use your personal phone number for 2FA. Use SIM cards without contracts.
5) Do not use any web wallets or online services to keep Bitcoin. If you need to keep them on an online device (for whatever reason), at least make sure that you're talking about a local desktop client.
Quoted you to discuss your first and fifth points.
I just wanted to know that if I use my personal phone number (specifically non-contract sim cards), isn't it still on the edge of getting hacked?
Your carrier shouldn't be able to revoke a non-contract sim to which no information is actually bound. In that sense, it should not be 'hackable' in a way as described
And when you said that we should keep our coins in a local desktop client, say if I am using any web wallets like blockchain, so is it not good to have all my coins be kept there?
Your web wallets, and those especially that use 2FA are vulnerable to social attacks. A desktop wallet is only vulnerable to targeted attacks, in which you machine has to be compromised. There's a huge difference in the possible approaches for a malicious individual.
In my country employees working for the service providers, work with syndicates to social engineer Sim swaps. The one moment your
phone is working, and then the phone freeze. You reboot and then your Sim card is cloned and swapped. Many people here link their
phone to online banking, so this is the main reason why they are doing this. Everyone just need to remember that this is not Bitcoin's
fault, but a failure on a third party service
using Bitcoin.