Utilize two-factor authentication
When you use Two-factor Authentication (2FA), you must store the 2FA on a second device of yours. It should be a different device from the first device that you use to log in to your exchange account or to the email account that is used to register your exchange account.
If you log in to your email and your exchange account on the same device where you installed your 2FA, it is a bad practice and breaks the protection of 2FA. If you lose access to that device, you will lose everything (email, exchange account, 2FA and coins). You cannot hope that the exchange will detect suspicious activity on your account and temporarily lock it or reject a withdrawal request. The exchange might trigger it or not; you cannot control that.
Not a terrible idea, but unless the second device is kept in a safe vault and is only used to receive codes, no practice is safer: if you lose the second device that has your 2FA installed, you are still going to lose access. I like the Facebook 2FA code generator since it generates a random master code that may be used if your 2FA device is lost. The codes act as a secret phrase and must be saved in a secure offline location. I'm curious as to why exchanges haven't implemented that yet.
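
The following is an added example, not part of the posts above and not code from Facebook or any exchange: one way a service could issue and redeem one-time recovery codes of the kind the last post describes. The function names, the code format, the PBKDF2 parameters and the in-memory record list are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: no look-alike characters (0/O, 1/I/L), so codes written
# down on paper can be typed back reliably.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"

def _digest(salt: bytes, code: str) -> bytes:
    # The server stores only a salted, stretched hash, never the code itself.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

def normalize(code: str) -> str:
    # Accept the code with or without separators and in any letter case.
    return code.replace("-", "").replace(" ", "").upper()

def issue_recovery_codes(count: int = 10, length: int = 12):
    """Return (codes shown once to the user, records the server keeps)."""
    codes, records = [], []
    for _ in range(count):
        raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        salt = secrets.token_bytes(16)
        records.append({"salt": salt, "hash": _digest(salt, raw), "used": False})
        # Group as XXXX-XXXX-XXXX for printing or writing down offline.
        codes.append("-".join(raw[i:i + 4] for i in range(0, length, 4)))
    return codes, records

def redeem(records, submitted: str) -> bool:
    """Accept each code once only; compare digests in constant time."""
    candidate = normalize(submitted)
    accepted = False
    for rec in records:  # check every record so timing does not reveal position
        match = hmac.compare_digest(_digest(rec["salt"], candidate), rec["hash"])
        if match and not rec["used"]:
            rec["used"] = True
            accepted = True
    return accepted

if __name__ == "__main__":
    user_codes, server_records = issue_recovery_codes(count=3)
    print("Write these down and store them offline:", user_codes)
    print("first use:", redeem(server_records, user_codes[0]))
    print("replay   :", redeem(server_records, user_codes[0]))
```
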