Google offers Two-step verification for some time now, but I have only discovered it recently, when my Gmail account notified me with the warning :

• State-sponsored attackers may be attempting to compromise your account

The warning doesn’t say “which” state attackers and there don’t seem to be any information or logs from break-in attempts in the account, or if this is just a Google integrated default warning for many users to enable their Two-step verification. But a Two-step verification is usefull in many ways. Let me explain you why : It gives another layer on protecting your password and doesn’t compromise your account if that password gets stolen or revealed. Here is just a basic example – many of you have probably used a public computer on some occassion to log into Gmail to read your E-mails either on a journey or while being at some public place, where you can never tell if your password was captured or not. There are different methods for capturing your password, most basic ones would be with a keylogger device or software. You can never be secure enough in a public place if your computer is protected. With Two-step verification from Google, you add another layer of protection by enabling SMS text code or voice message to your mobile phone number, which is always different and unique. Just a warning that with this method your phone number will be verified and linked to your existing Google/Gmail account ! Here is an article explaining how to make it work:

• Google’s warning
• How to setup Two-step verification on Google (text version)
• How to setup Two-step verification on Google (video version)
• How to setup Two-step verification for other social websites
• Wikipedia about Two-step verification process