We've all heard of it, or even seen it personally many times: "my account was hacked!". Usually I'll get the scam emails from a friend's email address saying they are trapped overseas and to send them money to help them out, or maybe the general spam or phishing attempts from one of their online accounts.
You might think it won't happen to you, but all it can take is logging in on a computer that might be infected by something, or using the same password for your account on another site that had its servers hacked.
There is an easy way to all but prevent your account from being accessed by someone other than you: 2-step verification (also known as 2-factor verification). It's like what a lot of banks now use to authorise logins or funds transfers: in addition to your password, you also need a one-time only code (or 'token') that is generated by an app, device, or sent to your phone by SMS.
So it usually means that unless someone steals your phone and knows your account password, they won't be able to get into your account.
I hadn't enabled 2-step verification on my main online accounts because I had thought it would be too inconvenient having to use the code every time I had to log in, but unbeknownst to me, providers like Google and Microsoft allow you to specify a computer or device to be 'trusted', so that you won't be required to enter a code again on that device.
It can get a little tricky with mail apps or other programs that can't ask for the code, but they make it pretty easy to set up unique passwords for those situations.
So, why haven't you turned on 2-step verification?