1- Never ever use an exchange without 2FA: Even the hardest passwords can get hacked easily. If you don't use 2FA you can get hacked...
Using exchanges that have 2FA enabled is an added security advantage, but that advantage can also be bridged by you at some point. If the email linked to your exchange is also your primary email on your device, there is a possibility of you also getting compromised, as one of the first things hackers target when they want to hack your account is your email, since it gives them the necessary details they need in order to be successful in their mission.
So getting into your primary email can also give them access to your security, especially when you use Google Authenticator, which now synchronizes your backed-up 2FA to your email, and anyone with access to your email can easily import it on a new device. So the safest thing is to not leave your money on centralized exchanges. If you must use them, once you are done, always withdraw your funds back to your private wallet.
2- Never ever use the same password for different accounts.
Yep, I got hacked! Why? I was applying for several airdrops, you guys know that nowadays some of them require signing up to their websites. And what have I done? I used the same password and email I used for the Bibox exchange.
Sometimes using the same password for everything you do makes it easier to guess and be hacked. But also look at it this way: saving your passwords and login details in your browser also reduces your security, as if the email linked to your browser is compromised, all your saved login details will be in the wrong hands. And these days browsers are also being penetrated for data theft without the user's knowledge, so the best thing to do is always log in as you go and not use the save-password option; it helps with easy remembering but is also a security risk.