Setting Up 2 Factor Authentication for Gmail

Sadly, there are significant risks to having valuable information accessible via the internet. Someone with access to your accounts is a huge risk, and dealing with what they can do with that access can be a huge hassle. Email is one of the most critical accounts: it holds tons of information you need, and the email account can often be used to get access to many other accounts (obviously financial sites are also critical, as are others). You should set up 2 factor authentication for critical sites.

2 factor authentication is made up of 1 thing you know and 1 thing you have. The thing you know is your password. The easiest thing to have is a smart phone (that is the default option for Gmail and most places). Some banks and computer networks (intranet access) use security tokens. Either way, they give you a code, which you enter after you enter your username and password.

Gmail offers an app for smart phones that will generate these codes even if you don’t have cell phone service. Also, if you don’t have a smart phone, or you lose yours, there is a backup option: pre-printed codes. Make sure you print these and keep them somewhere you can access them (Google suggests your wallet).

With Gmail you will be prompted for your 2nd level authentication if you attempt to access your account from a computer that has not been authorized previously. If you are using a computer that you have logged into your account with and told Google to authorize, you will log in normally. Every 30 days Google will then have you provide the 2nd level authentication (I think this is right; I might not have it exactly right for when Google asks for 2nd level authentication).

Whatever email account you have, I would strongly recommend setting up 2 factor authentication. You then must be sure that you can still gain access. It is a bother, but you need to make sure you understand the process and how to cope with issues (losing your smart phone, etc.).

Once you set up your account for 2 factor authentication, make sure you add a secondary phone number as a backup (in case you lose your phone or it is stolen). And make sure you print out the backup codes.

Process:

  1. Set up your Gmail account to use 2 factor authentication (under the account settings tab).
  2. You will get a chance to enter the code sent to your phone before the setup process completes. It seems like Google has intelligently (or just non-idiotically, but still correctly) not just moved you into 2 factor authentication without you being able to get the code. I am not sure what happens if you can’t get the code (like if you don’t have a phone number they accept; they say you can’t use a Google Voice number, for example).
  3. Sign back in. Google will sign you out after you confirm you got the code and complete setting up 2 factor authentication.
  4. Add a backup phone number, or 2.
  5. Get the backup codes that you can use in case you can’t get a code from your smart phone at some point (remember to take these with you if you are going to need to sign in on a computer you haven’t approved, like on vacation, for example).
  6. Test out the process on a computer you haven’t authenticated before you need it. Don’t wait until you arrive at the start of your 2 week trip to discover you can’t access your account.

Two other points related to this topic:

  • Remember to back up your information, and back it up to a safe location (probably at least 2 locations for really important stuff). I don’t really understand the details, but you have to be wary if your computer can be wiped remotely (like from your Apple iCloud account, which happened to someone recently). Just backing up to something that hackers can then wipe is not so great. Hackers would likely do this to make it difficult for you to regain control of your accounts.
  • Remember to use secure passwords and don’t reuse passwords across sites whose security you care about. Longer passwords are better: 20+ characters including special characters (sadly some sites don’t let you have secure passwords). And they need to get longer as time progresses. It is then likely necessary to use a program to keep track of all your passwords. I’ll admit I don’t really understand why sites can’t do a better job defending against brute force attacks (where attackers just keep guessing passwords forever). But this is why longer passwords are needed: to slow down brute force guessing, which speeds up over time as computers get faster and faster.

Related: Please turn on two-factor authentication (Matt Cutts) | Keeping Your Hosted Ubuntu Web Server Software Up to Date | Adding a Key to Your Server for SSH Login
