As a provider of financial planning and investment advice, I am perhaps a little more sensitive than most to what can go wrong in terms of online security and privacy. The recommendations below are not intended to be comprehensive or "fail safe", but could form a foundation for improving online safety.
lock your phone
At a minimum, a 4 digit PIN or "pattern lock" can provide a measure of protection, especially against the mildly curious.
BONUS: take a minute to review the "remote lock" function for your phone model, operating system, or carrier.
iPhone Remote Lock Instructions
Android / Google Remote Lock Instructions
go two factor
Generally, you can choose to have your account "remember" that device, so you do not have to go through the two step process every time. HOWEVER, if you are using your phone as a part of this two step process, it becomes even more important to password protect or otherwise lock your phone.
passwords are crucial
Current best practice in strong passwords require length and randomness.
One approach could be a string of 8+ random numbers, letters (both lower and upper case), and symbols. A challenge with this option is that the password can be overly difficult to remember even one account, much less a similar string for dozens of accounts.
A second option can be a "phrase" or combination of random words: "bananaumbrellafloristdog" is an example that may work in some scenarios...throwing in a number or symbol would make it better.
Using a "password manager" may be helpful for some people, or having a readily accessible (but secure!) reference with various passwords could be supportive.