2FA! (2 Factor Authentication)
Some people don't know about this, but most exchanges now allow 2 Factor Authentication and even encourage everyone to enable it.
What usually happens when you have 2FA enabled is that after you log in with your username and password, the exchange needs one more step to verify that it is really you who is trying to access the account. To do this, it will ask you for an OTP (One Time Password) or Authentication Code, which is sent to your phone or to your email and usually expires after 5 minutes if not used.
A hacker/phisher may know what your password is, but he/she does not know the OTP or authentication code that was sent to your phone, which prevents him/her from accessing your account.