So you might have heard it over and over again, But it is a very important lesson.
Let me tell you why.
Now before that, understand that having a hardware wallet might not be feasible if you have very small holdings. But if you do have a large holdings then it's worth investing in.
There are some Hot wallets that let you control your public and private keys.
However, there are many wallets and exchanges online that you can use to store your Crypto. That do not let you control your private keys.
You might thing the danger here is that it can be stolen, and yes that is true. Exchanges have been hacked in the past.
The problem I faced was of a different nature. Many years ago, when I was even a bigger noob I use to participate in a lot of Crypto related activities.
I signed up for various airdrops as well, at that time I was not aware how tokens work. So I gave my Ethereum wallet from an online wallet and waited, forgot about it and moved on. Fast forward some years I open my online wallet and nothing special going on, all my meagre holdings are still there. However, one fine day I was going through a certain website that required my ETH address. I put in my old key from the online wallet and from their I got onto etherscan, and what do I find out those tokens are there in my ether address.
Now, these are just some shit token that no longer have value or 100s of them aren't even worth 10 cents. But still I had some tokens that I didn't knew about.
So I immediately mail the support of that online wallet asking for my private keys. They replied that due to security measures it's not possible to export private keys.
There you go, not your Keys not your Crypto
Luckily the tokens are worth nothing and moving them would have cost more ether then their combined worth.
Still, this is a lesson in the importance of holding, controling and securing your public and private keys.