1: Enable Two-Factor Authentication (2FA)on all platforms where you store valuable assets or personal information.
I'm just wondering, don't all exchanges require users to have 2FA? Without 2FA, an account is like an open cookie jar for hackers. But since it was mentioned in the OP, I'm curious. Most exchanges I use force me to enable 2FA, and sometimes I even get an email confirmation when I transfer coins.
You would think that wouldn't you. Yes, all major exchanges do have 2fa and force you to use it, but there is hundreds of smaller ones you probably didn't even hear of, that don't.
Also, lets not forget, SMS based 2FA is like having a door lock enforced with a small string. Unsafe