Passwords, their impregnability is a myth. The idea that you can devise passwords to keep hackers away is an outdated, old-fashioned akin to protect a city with a wall.
The most common trick hackers use is the ‘reset password‘ functionality that most websites provide. Most email accounts have straightforward methods of authentication that can be circumvented by a determined hacker. Even a two-factor authentication method – where a password reset involves a code sent to the account owner’s mobile phone – can be bypassed.
The biggest weakness in any security system is the HUMAN MIND. Any authentication method that is acceptable to to a 65 year old user will fall in seconds to a 14 year old hacker. Anybody could be a victim because of carelessness with email accounts, but mostly the celebrities are the most targeted ones.
The only way being secured is that websites should make strong authentication standards a priority.
When asked to a Security firm head, how she herself kept her email account secure, she replied that she did so by not having one!