Or, as Google calls it, 2-step verification. It's pretty simple and already enforced for other important tools like Slack and GitHub. Please enable it.
Thoroughly covered in Google's knowledge-base on this topic…
Any of these common actions could put you at risk of having your password stolen:
Using the same password on more than one site
Downloading software from the Internet
Clicking on links in email messages
2-Step Verification can help keep bad people out, even if they have your password.
You'll enter your password
Whenever you sign in to Google, you'll enter your password as usual.
You'll be asked for something else
Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port.
Most people only have one layer – their password – to protect their account. With 2-Step Verification, if a bad person hacks through your password layer, they'll still need your phone or Security Key to get into your account.