1: Enable Two-Factor Authentication (2FA)on all platforms where you store valuable assets or personal information.
I'm just wondering, don't all exchanges require users to have 2FA? Without 2FA, an account is like an open cookie jar for hackers. But since it was mentioned in the OP, I'm curious. Most exchanges I use force me to enable 2FA, and sometimes I even get an email confirmation when I transfer coins.
Not all, I didn't have 2FA enabled on my Binance and Bybit accounts for years until sometimes December last year when I finally activated it, I was okay with my email OTP and keypass security options.
The problem is weather they're activated or not, if the exchange get hacked no matter how hard your personal account was secured, you funds will be wiped out. The best security is not to have personal assets stored on centralized exchanges, you can be careful with your account security but what about the exchange? Can they be careful enough?