I'm slowly getting educated about how the blockchain and Bitcoin addresses work. I now understand why it is more secure to use a different Bitcoin address for every transaction you make but I'm now trying to understand how I could achieve that with something as basic as paper wallets for educational purposes.
So, I noticed most big exchanges nowadays do generate a new public address every time you want to deposit cryptocurrencies. From what I've read, this is made possible by the use of an extended key, which contains a public and private part, just like regular keys. Now, where I'm still a little bit confused is how does it work exactly for them (the exchanges) to access all the funds from all the public addresses you generated at the same time (since they do show you a total balance and you can spend that balance with what seems to be only 1 transaction). Does the private extended key give you access to spend all the funds in all the public addresses generated with that 1 private extended key?
Also, when we say addresses should never be used more than 1 time, I assume it still must be used 2 times at some point, since you add funds and then withdraw it, meaning 2 transactions total? Or do I get it completely wrong?