Google will roll out two-factor authentication for all account holders over the coming days, making good on a promise it made last year.
Until now the second factor - a unique code often typically delivered via SMS -- had been only available to Google's Apps customers.
Two-factor authentication relied on knowledge of a password and possession of the device that receives a one-time code.
It will make it tougher for criminals scouring social networksto crack users' login credentials .
"Your Gmail account, your photos, your private documents -- if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information," said Nishit Shah, a product manager for Google's security team.
Google account holders will need to undergo a 15 minute registration process to activate the feature within Google's Account Settings page, which includes establishing a backup password incase a primary phone is lost.
During the normal sign-in process Google will deliver a unique code via a call, SMS, or allow Android, BlackBerry and iPhone applications to generate unique codes.
Such a security feature may have averted an email assault planned for 3200 American women last year [pdf].
A 23-year-old Californian man, in search of nude photos, gained access to 170 victims' email accounts by guessing the answers to questions posed in the "forgotten password" feature offered by many free email services. The man had used information gleaned from Facebook to guess the answers.
A convenient feature of Google's service, at least for users that log-in to accounts several times a day, will be the option to "remember verification for this computer for 30 days".