Your sms is there, your **email\*** is there, your google authenticator is there.
So the best thing would be in the first place to take care of your phone. Don’t leave it unsupervised among people you don’t know. Don’t log into exchanges in crowded places (bus / bus station / concerts etc.)
Use biometric authentication – it can be bypassed but 99% of people don’t know how to do it. On the other hand 100% of the people can unlock your phone if they saw you introducing you password.
Don’t use exchanges on your phone. I know you like to check your portfolio every 10 minutes, but don’t.
Don’t invest more then you can afford to lose.
Don’t keep your crypto on exchanges.
\*This is important because if someone has access to your email it also can use the magic “forgot my password” button.