My Google account has been hacked before, thus I"m very concern about the security of my Google password. I appreciate the hacker just gave a warning to me and not doing anything that extremely damaging! Thank You!
I will find all my best to protect the password and here are the tips that I"m going to share with you how you can strengthen your Google password security.
(1) Change Your Password Every Quarter
Well, you may think this is not necessary but I think it is safer if you can change your password every quarter (i.e. 3 months). I will have my own pattern of creating new password, so I can easily remember. Of course, please make sure your password is the strong password too. Google will able to tell you that whether your password is strong enough.
(2) Disable Account Recovery Options
I believe this is how my Google account is hacked. For better security, only use your "mobile phone" as the only option to recover your password. This means you do not need to key in the recovery email address. If there is, please remove it. When you receive the SMS recovery password code, you will know someone is trying to hack your account. I honestly received it before few times!
Another very important thing is the security question - do not use simple security question such as "What is my favorite color?". I think this is a very high potential the reason why my account was hacked because my security question is too simple to guess like the one above. Please use complex security question and make sure it is not easy to guess. I do not know the reasons why Google "enforces" this security question but this definitely open up to hackers to do their job easier. If you can disable this (assuming Google doesn't enforce this), then it is even better. Using mobile phone to recover password is the safest option in my opinion.
Note: Not sure if this is Google bug, I remembered I tried to recover my own password only with this security question. Perhaps I didn't set other recovery options. I encourage you to try to recover your own password and see if it sends recovery code to your mobile phone or not.
(3) Turn on 2-step Verification
It is a new feature that I only realized lately. What you need to do is go here and follow the instructions:
You can select your default machine to login, then Google won't ask you for 2-step verification. If you login from another computer, then Google will ask you that. It will send the verification code to your mobile phone through SMS. You can also download a list of verification codes just in case you do not have the SMS access. I suggest you do this by printing it out and keep it in the safe place rather than download the verification codes in your computer.
(4) Do not Link to Your Google in Your Android Phone
I know this is ridiculous as all android phones are linked to your Google account. It really depends on how important is your Google account. If your Google account contains very important and confidential stuff (e.g. access to your paypal account, adsense and others accounts that related to money), I would suggest you not to link it with your Android phone if possible. Security in mobile phone is never safe!
So, what I do is I create another new Google account is mainly to link to my Android phone. I feel this way is a lot more safer. Hackers will not have a way to link to your real Google account if they manage to hack into your phone. Also, what about you lost your phone? They only can hack to the Google account that is meant to be hacked!
Note: If you really cannot live without your Google account, then I guess you need to be careful of not simply install third party mobile applications that are not approved by Google (Play) or Apple (itunes).
(5) Install Anti-Virus Software
AVG is always my favorite and there is mobile version too. You can just do a "AVG" search in the Google Play market and you should able to find it. Most importantly, it is free! :)
Do you have any tips to share how you protect your Google account password?