Most people still use free email accounts from providers such as hotmail (or now outlook / live) or gmail or even the dreaded yahoo and with hacks into these accounts being a common starting point for what can become a much more wide ranging hack of websites or accounts, it is even more important to keep access to these accounts restricted to just yourself. Hackers have access to massive password databases, the ability to test a huge number of passwords in a very short time plus the continuing reality that most people use very simple passwords commonly used by millions of other people.
Below are some simple tips to help secure your free email accounts
Always use long, strong passwords that are unique and never used for any other login. The only way to do this is by using a password manager such as LastPass which will not only generate complex strong passwords for you, it will store them and as long as you are logged into your LastPass Vault (which is the only password you will then ever need to remember and this can be protected by multiple additional methods such as 2 factor Authentication) it will populate the username and password for you when visiting a website. The software is easy to use and is free on desktops and tablets with a small yearly charge for use on mobile phones.
Many websites now offer this additional protection which protects the login by requiring you to enter enter a code which is generated (by a phone app in the case of Google Authenticator) or sent via text or push message. 2FA involving a physical device such as these methods is much more preferable than authenticating via a second email address although even that is better than nothing !
You should regularly check the account login history as many will show attempted / failed / successful logins so look for times or locations that couldnt possibly have been yourself. You should also check the sent items folder to ensure nobody is using your account to send emails.
This is good practice anyway to keep your mailbox as small as possible but also ensures that your inbox (and dont forget the sent and deleted folders as well) dont contain emails that have sensitive information in them. Many websites still send out passwords for new accounts via email and while of course you should always immediately change these, if you dont then this ensures that hackers then dont gain easy access to other websites.
Of course, most of these tips equally apply if you have your own domain with email mailboxes as part of that