Well, lets start first things first. Security on your account is dependent on a number of things: - You keeping your computer clean of virusus, trojans, keyloggers etc by having a good antivirus and ant-spyware program running. - You keeping a firewall up to prevent intrusion. - You not allowing someone else using your computer and/or steam accounts or ANY other accounts. Not even your brother/sister/father/mother/son/daughter/sibbling/family/friend/lover or w/e relation you figure out. - You not giving anybody any info that a hijacker can use that includes: steam login name, email address, password. But that ALSO includes the "recovery email address", so you CANNOT use your NORMAL email for that EITHER. - Keeping severed any links between any registration that is important. In short: do not use the same email to register AND your steam account, and ALL the spammy spam sites to register for some obscure thing. - You not logging on onto other people's computers, as you dont know their security policy/status, if that computer is infected, you deliver it right to them (not to mention password saving, activating the steam account there, logging into your mail there to activate steamguard protection access on there etc). So the core words are: - Real Security (antivirus/antispyware/firewall) - Obscurity (to increase the difficulty by not telling/showing anybody the login name, password, emails used etc) - Separation (between "every day usage" and secured stuff, and even between those) - Awareness. - Smart. Its no issue if your day-to-day email has a low grade password. As long as your entire online life isn't hanging on that one email address. For then you have a problem if ever your email get hijacked and aren't able to (fully) recover it.