People are sloppy with passwords. They use the same passwords at social media, at shopping accounts, and even their email address accounts. Or a very close variation of same.
How many years of stolen personal information are out in the wild now? Over a decade for sure.
What’s a common component of that information? Your email address.
What another possible component? Your password to the type of account that had its data stolen.
Once somebody has an email address and a password for you, it is relatively simple for them to try – in an automated fashion – to try to access your account. If the password doesn’t work, good.
If it does work – you have problems.
There are lots of security options out there at the mailserver account level but there is just one that you can control – don’t use your email password ANYWHERE else. Make it unique, don’t let it be obvious, and don’t relate it to any other password you use.
Your email address is as close of a thing as you have to your general online ID. Access to your email opens up so much else. Guard it zealously.