Yahoo Mail is my only active mail mailbox. I can lo longer access my Windows mail account.

 I use it for everything and the only spam I get is mailings from places I have signed up for and this is the first time it's been hacked since 2007.

That said, what do some of you recommend if I was to get a secondary mailbox,or replace my primary one? It seems they all can be hacked eventually, given enough time.

I have an AOL box but haven't used it in years. I use YahooMessenger and aside from a few quirks, it's been working fine for me, along with YMail.

That's exactly what I say. I'd say use your ISP's if you think they do a good job with security. I'd say, "Just don't keep any financial/credit stuff on it." except that's next to impossible.

Using your own client is probably the best solution. Thunderbird is excellent, but just realize that it's not going to be developed by Mozilla.org anymore. 

http://www.makeuseof.com/tag/free-email-clients-windows-7/

Another option that may help with security is to use a disposable email for everything non-critical: I've used http://mailinator.com/ in the past with no complaints.

Also, if you have to send sensitive information, breaking it into chunks and using different email services can be a good thing and so is encrypting.  I used to use PGP . . but don't anymore.

Yup

And all my relatives and friends joke and photo and youtube "you gotta see this its cute" emails.

As far as I know, not a critical, mass security breach of people with strong passwords.

If lacking a provider email, then GMAIL is what I recommend. I am owner and silent owner on several LSoft Listserv lists and we get Yahoo and AOL errors so often that we just blanket advise the use of GMAIL.  Now, I can't stand GMAIL web interface so I pop it - and have to remember to go and delete the downloaded messages that GMAIL hordes at least once a year. When I found out about this hording I logged on to 30,000 messages in the archive bin. I think I finally got it trained.

That aside, it has served me well. Of course there are many other services with free pop mail and web interface. I have a  hosting account so have the liberty of many email names on any domain I own.

And that's the rub. It all depends on where the hackers set their sites next.

As mentioned, even LastPass was hacked in May of last year, though they claim a lot of the info stolen was encrypted. The danger was matching the encrypted passwords to the user names and that there are still people using relativley weak passwords.

Don't count Thunderbird out just yet. Lifehacker had a piece on it the other day while exploring desktop alternatives with the news from Mozilla about it's mail client.

Mozilla's announcement that they would be suspending active development on Thunderbird and focusing only on stability and security certainly caused a stir. Mozilla tried to clarify that their defintion of "dead" is different from everyone else's, but the fact remains: We shouldn't expect to see much in the way of major feature or interface uplifts, but it doesn't necessarily mean the product is dead. We actually asked whether Thunderbird was dead over three years ago, and here we are today—it's still alive and kicking. So don't count the app down just yet.

Though you may not see any major uplifts, between in being open source and still in the hands of Mozilla, it will still get it's security patches.

I use Thunderbird and gmail. Thunderbird for the back-ups and it's a clean desktop client that is user friendly. On line, I prefer gmail because of the intergration with other Google services (Like the virtual gmail drive) and all of the features it offers from customization to super user features.

I can't speak for hotmail or live.

The question of a secondary email box should be 'Do you want or need a secondary email box OR do you want a disposable email box?'

There are services like GuerrillaMail and 10-Minute-Mail where you can get a temporary email for those sites that require you enter one just to participate or view but you don't want to communicate with. GuerillaMail has a fifteen minute lifespan but you can extend it if need be.

I tie all my important messages to pigeons and trust them to avoid cats and hawks.

It it ever comes back on-line: https://shouldichangemypassword.com

It's a bit busy today, I wonder why . . .

For mail I use Pegasus Mail. Good old carry over from the DOS days, much improved. They currently are working on some type of contact card system (I don't use contact cards so I am remiss about knowing) For me, I appreciate that I can micro-manage any incoming mail based on filters for all types of things using ANY header value - including wild cards. I can instantly delete naughty words or disliked people (their email) and read MIME digests (Listserv produces MIME digests if requested) All outgoing mail is simple text (again, great for mailing lists) unless told otherwise. Can you tell I like it? Covering multiple accounts is like eating ice cream. Anyway, if you are considering a replacement for Thunderbird, this is a good candidate.