Google is giving all of its users the option to add a second step verification to log on to their accounts. The first remains the same; that is your username and password. The second is a code sent to your phone. The security benefit is obvious. You could give a hacker your name and password, but they would still not be able to access your Google account since they would not have your phone.
There is even a hidden third layer of security here for some people. That is a password protected phone. Not only would you need a person's username and password, and their phone, but you would need the phone password as well.
This additional layer of security is something you should strongly consider if use gmail. Many accounts have a 'reset password' option which sends a reset link to your registered email address. Even if you are smart enough to use different passwords for all of your accounts, if they crack your email they may be able to just rest those password; you could be looking at a total loss!
"Most of us are used to entrusting our information to a password, but we know that some of you are looking for something stronger. As we announced to our Google Apps customers a few months ago, we've developed an advanced opt-in security feature called 2-step verification that makes your Google Account significantly more secure by helping to verify that you're the real owner of your account. Now it's time to offer the same advanced protection to all of our users.
2-step verification requires two independent factors for authentication, much like you might see on your banking website: your password, plus a code obtained using your phone. Over the next few days, you'll see a new link on your Account Settings page that looks like this:
Take your time to carefully set up 2-step verification—we expect it may take up to 15 minutes to enroll. A user-friendly set-up wizard will guide you through the process, including setting up a backup phone and creating backup codes in case you lose access to your primary phone. Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you.
It's an extra step, but it's one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone. A hacker would need access to both of these factors to gain access to your account. If you like, you can always choose a "Remember verification for this computer for 30 days" option, and you won't need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code."