This exactly why all my e-mail passwords are at least 18 character long with random generated gibberish stored on a keychain...
And to secured that keychain I use a very long login password (XKCD style + numbers) that always make people cringe.
In return I assert a well deserved facepalm when I see a friend log in on his e-mail account with a variation of "Password1".
The funny thing with having email as a username is, how sometimes people can use social engineering to gain control of your account, non of that fancy "hoaxer" stuff are needed when your service providers put untrained people in charge of your accounts. Hacking human stupidity is a more effective way in to get in to a secure system.
Nope I mean I kinda never login to my mail through unknown browser. My smartphone is just good enough when I can't access my computer, so there is only three places where my long e-mail password is stored. Keychain on my computer, keychain on my smartphone and backed up encrypted keychain in my cloud account. So it's highly unlikely that my e-mails get compromised.
Also worth mentioning my e-mails are not hosted on gmail or any big cloud player. I actually pay for my imap, when you don't pay you probably in some way are the product...
In return I assert a well deserved facepalm when I see a friend log in on his e-mail account with a variation of "Password1".