Take your time to carefully set up 2-step verification—we expect it may take up to 15 minutes to enroll. A user-friendly set-up wizard will guide you through the process, including setting up a backup phone and creating backup codes in case you lose access to your primary phone. Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After you enter your password, Google will call you with the code, send you an SMS message, or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password, we'll have a pretty good idea that the person signing in is actually you.
It's an extra step, but it's one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone. A hacker would need access to both of these factors to gain access to your account. If you like, you can always choose a "Remember verification for this computer for 30 days" option, and you won't need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code.
To learn more about 2-step verification and get started, visit our Help Center. And for more about staying safe online, see our ongoing security blog series or visit http://www.staysafeonline.org/. Be safe!
Update Dec 7, 2011: Updated the screenshots in this post.
Posted by Nishit Shah, Product Manager, Google Security