Google's move to add an advanced sign-in to its consumer accounts is welcome and should be adopted by you pronto.
The search giant had two step verification in Google Apps, but is now rolling it out to the masses. In a nutshell, the extra verification step means your Google account is harder to hack.
There's nothing revolutionary about Google's advanced sign-in---most of your online financial accounts already do something similar---but it's recommended that you follow the procedure to prevent your account from becoming a spam sending engine. Anyone that has had a poor password swiped knows you can easily send a few million spam message if you're not diligent.
Also: Google intros advanced sign-in feature
Take your time to carefully set up 2-step verification—we expect it may take up to 15 minutes to enroll. A user-friendly set-up wizard will guide you through the process, including setting up a backup phone and creating backup codes in case you lose access to your primary phone. Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you.
That verification code will be good for 30 days.
Here's the sequence you'll see shortly: