In Sep last year, Google Apps customers received an advanced opt-in security feature called "2-step verification" that makes your Google Account significantly more secure by helping to verify that you're the real owner of your account. Today, Google is offering the same to all users, as announced on the Data Privacy Day 2001.
"2-step verification requires two independent factors for authentication: your password, plus a code obtained using your phone." You'll begin to see a new link on your Account Settings page that looks like this:
Take your time to carefully set up 2-step verification--a user-friendly set-up wizard will guide you through the process, including setting up a backup phone and creating backup codes in case you lose access to your primary phone. Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile app on your Android, BlackBerry or iPhone device. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you.
A hacker would need access to both of these factors to gain access to your account. If you like, you can always choose a "Remember verification for this computer for 30 days" option, and you won't need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based apps designed to only ask for a password, and cann't prompt for the code.
More Info: Help Center