My password is approximately 20 characters long... Do i have anything to fear? :P

if your password is 012345678901234567890 - Yes :D . If not most likely not :D.

And well all user with enabled two step authentication should not really worry UNLESS they use the same combination of password+username at another site WITHOUT 2 STEP AUTHENTIFACTION .

Nah, it's 12345 repeated 4 times :P

To be serious it's a combination of words, letters, numbers & symbols.

Something like: P1o9w9e8r$^$GPiurflfs, as a random example...

Careful, that password could summon a XKCD.

I didn't even know they can be disabled. That's why I had problems reading my emails at Norway because Hotmail/Outlook kept requiring the additional authentication... which went to another Outlook account, which also wanted an additional authentication. Nice Catch-22.

I was eventually able to lie with VPN to Outlook.com that I am still in Finland, finally able to read my mails.

Too bad to hear if MS and Google really have been breached like this. I thought those guys would know how to run a secure online service (ie. that my data is not leaked outside of their servers), but apparently not.

Basically I am skeptical of whether they actually let that data slip out for real, or someone's trolling us. I have a feeling it is indeed, an elaborate trolling attempt in order to scaremonger us for amusement or whatever. That's why I only activated two step authentication and left it at that: no need to change the password if nobody really accesses it from the outside.

And yes, they can be disabled. But the problem becomes to be in disabling it after you lose access to your phone. This is another entirely completely worse matter.

So why then have a password in the first place? What is its purpose to you?

If they want to change my password etc. they'd first need to have access to my second e-mail. I think I'm good. :)

You seriously asking that stupid question?

Really?

What's the use of HTTPS?

What's the use of encryption?

What's the use of fingerprint access?

Well, you did claim:

"I can literally give my password here and nobody can hack me."

So again, what do you need the password for then?

This is partly why I don't use any of the major email providers, they are natural targets for these attacks.
I also save important emails on USB and delete absolutely everything on a frequent basis.
My email accounts are rather barren as you might have guessed.

This why I change passwords every 30 days.

No hope for you.

They weren't. It's just stupid article writers not looking into the details trying to get more views to their blogshit.

The accounts that were "hacked" were ones that were compromised on other services and posted publicly. Someone ran the info through all of these providers and made a list of the ones that worked. So it's just a case of people using the same username and passwords everywhere. All of this fear mongering and silliness that some lone Slav managed to compromise the servers of 3 super companies to steal your insignificant data to sell it on the black market for $1 is just media sensationalism.

tldr: If you don't use the same passwords across all of your accounts then you're not one of the victims mentioned and don't need to change it. Move along.