Board Beginners & Help
Merits 1 from 1 user
Re: [Guide] How to stay safe when dealing with exchanges.
by
crypto mania
on 08/11/2018, 19:40:57 UTC
⭐ Merited by wwzsocki (1)
<…>
Just a quick note regarding 2FA on exchanges: while it is very important to add in my opinion, we must also be wary about the security of the 2FA itself, keeping the backup codes for every exchange we protect with 2FA (and better still, use Authy as a 2FA due to its backup capabilities).

Recently I encountered a case on my local board of a person who has 2FA all around, and had his phone stolen. He didn’t have the backup codes to each 2FA protected exchange, and spent many hours trying to remove 2FA on each exchange/site and reinstall it with his new phone. One exchange in particular is a real pain: HitBTC. The security measures are really high when it comes to trying to disable 2FA after a theft/loss, and you need to prove a bunch of things: ID card, photos, videos with written specific text, hash of TXs that served to load assets onto HitBTC (this can be quite difficult to retrieve), a lot of headaches and time, and the issue is still ongoing after weeks.

In summary: Activating 2FA on exchanges is a yes, but take extra care to keep the backup codes.


Thank you very much for your support @DdmrDdmr.

I will add this suggestion to my guide because I think it is a really important one.

This example you provided is exactly what I am afraid of lately.

I am personally using 2FA overall when possible. I have so many codes on my phone that I sometimes scroll for a few seconds to find the right one.

I try to have all codes saved and backed up, but I just can't stop thinking about how many hours it will take to recover all these accounts if anything happens to my phone, and how insecure it is to store these codes all over the computer, phone, tablet, etc. in my case.

I know that sometimes I haven't saved any code when enabling 2FA because there was no code provided. I was sure that in such a situation the main Google codes are enough to recover 2FA on each account, but lately, when I started to write this guide, I learned that this is not the case and 2FA is not so secure, especially when on the phone.