Two-Factor Authentication (2FA)
A second lock on your accounts beyond the password — use an app or hardware key, never SMS, for anything holding crypto.
2FA requires a second proof of identity at login — a rotating app code (TOTP), a hardware security key, or (weakest) an SMS code. For crypto accounts it’s non-negotiable: passwords leak constantly, and an exchange login without 2FA is an unlocked vault.
Hierarchy matters: hardware keys (FIDO2/passkeys) beat authenticator apps, which decisively beat SMS — phone numbers are hijackable via SIM swap. Setup details that save people: store 2FA backup codes offline (not in email), don’t sync authenticator secrets to the same cloud account that resets your email, and enable withdrawal allowlists so even a breached login can’t route funds to a new address.