IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
You have to enable the two-step verification. There is an app called Authenticator that you must install on your smartphone. When you want to log in, google will send a 6 digit verification code to your phone. The code is only valid for 30 seconds or so, so the window is pretty small for log-in. You enter the code in addition to your normal log-in password, and you are then granted access. It works ok, but frankly I find it a bit of a bother. I think that using a strong password along with that password being limited to your google account is an easier alternative, but it is obviously not as secure as a two step process. Still, a strong password should discourage most of the average miscreants trying to break into your account. I suggest using one of the password evaluation sites to make sure it is strong, though.
Google was recently testing out a cool 2 step verification process that only required you to scan an online QR code, but apparently that is still in testing. I would love to see it become the standard. It would be much more convenient.