Matt Cutts suggets turning on two-factor authentication. A video describes how the Google optional security feature works. It requires two forms of verification -- something the person knows, such as a password, and an object, such as a phone. Cutts also attempts to debunk some myths about using the strategy, such as does the user need to enter an extra PIN every time they log in? Cutts says the user can tell Google to trust any computer for 30 days, and sometimes longer, so two passwords are not required each time they log in.