Use hardware-backed authentication for high-value accounts and always verify the official app or domain. Avoid following links from unsolicited messages.
Prefer authenticator apps over SMS. Keep backup codes in a secure offline location.
If you lose access, use official recovery flows and provide requested proofs only through verified support channels.