Cut the daisy chain
Another weak spot in online security: Email accounts that receive password-recovery messages, in the event you get locked out of your account. Recovery accounts are also prime targets for hackers looking to penetrate your online life.
The best defense is to use a single, hard-to-guess recovery address—something like “myrec0v3ry_ZMf43yQKGA@outlook.com"—and use it only for emergency recovery.
The worst solution is to daisy-chain all your critical accounts—your Outlook.com address is the recovery address for your Gmail address, and Gmail is the recovery address for Amazon. All it takes is one break in the daisy chain to ruin your entire online life.