Google’s new 2-step verification

Google has just started a 2-step verification process that lets users secure their accounts so that no one can steal them. I went through the process, and although it’s not for the faint of heart, it’s not the end of the world. Hopefully this article will help you get through the process without losing any hair.

Initial creation and activation of the 2-step verification:

  • Click on the Account Setting link on the top right
  • Once on the Personal Settings page, click on the “Using 2-step verification” link
  • You will be asked for your password, after which it will ask which 2 steps you want and then show a button to start setting it up
  • First it will ask what kind of phone you use. I have an Android phone so I specified that. Then it asks you to install a verification application for Android. They have apps for iPhone and BlackBerry as well
  • Once you have the app installed, scan the QR code that comes up on the screen, which has your account information. You do get the option to type in the address if you cannot scan the QR code.
  • The app on your phone will give you a 6 digit verification code that you will need to type into your browser. This code changes every 10-15 seconds so you have to be quick. The purpose of this last part is to authenticate your phone, and it completes the authentication of your phone (congratulations).
  • It then gives you a list of “Backup Verification Codes” to print, in case your mobile phone is not available to do the authentication. You can use these codes to gain one-time access
  • Then it asks you to add another phone number for voice and/or SMS connection. I chose SMS in that option, and received a code which I typed into the browser to authenticate that option. If you choose a voice number it will call that number and give you a code which can be used to verify.
  • It then informs you that you should create application specific passwords for items like Picasa or Adwords etc. Using application passwords makes it easier to modify each connection to your Google account.

That’s it. After that it gives you a button to turn on the 2-step verification. The options you chose are listed so you can double-check that it has the right info. Once you click on that button, it warns you that you are going to be signed out of the Google account on ALL devices, including mobile applications.

Log in to your secured account:

  • Go back to your browser and sign in to Gmail.
  • Put in the username and password, hit OK, and it asks for a verification code
  • Go into your phone app that you had installed and type the code it gives into your browser

Application specific passwords:

Once you are logged into the Google account, it asks you to create application specific passwords. You can either do it then or defer it to a later time.

  • It then gives you options to create (very) secure passwords for each of your devices. For my Android phone, to check email through it and to use Google Voice, it gave me a 16 character, alphanumeric code that I had to punch into the phone. Don’t worry, this code only has to be entered once, so don’t have a heart attack (like I almost did).
  • You have to do this same routine for each of your computers that accesses that account. So I had to do one for Laptop-Imap, Desktop-Imap, and so on.
  • For browsers on different computers you can use the Google Verification application on your phone

The reason for application specific passwords is that you can give access to various 3rd party applications and then revoke just that one access, rather than entering your account password there and then having to change the main password. That would mean changing the password in ALL the other places where you may have saved it. Pretty nifty.

If you need to get back to the place where you can create more application specific passwords use this link: https://www.google.com/accounts/b/0/IssuedAuthSubTokens

Otherwise you can always get there by clicking on My Account in Gmail, then clicking on Account settings and “Authorizing applications & sites”.

The way things have become, we use our Google accounts for a lot of application and connectivity needs. Hope this helps alleviate some of the fears about making your Google account secure and safe from unwanted snatchers.