This is all very well documented on the web already, but rather than write the same email over and over to friends, I figured I'd post it here.

Enable Two-Factor Authentication

With two-factor authentication, the first time you log into your account from a new computer, the site you're logging into sends you a text message with a code, and you have to enter that code. This means you need to have your cell phone on you to authorize a new computer (and once every month or so thereafter to refresh it), so a hacker needs both your password and your cell phone to get at your account. This is one of those things which is a minor annoyance for a user, but is a major annoyance for a hacker. It puts you in a whole different ball game from a security standpoint.

Here's a link to set it up on Google accounts: https://support.google.com/accounts/answer/180744?hl=en
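To make the flow above concrete, here is the server side of the text-message code as an added example (my own illustration, not code from Google or anything linked in this post). It issues a random six-digit code, hands it back for the SMS gateway to send, and then accepts it once only, within a time limit and a bounded number of guesses. The five-minute lifetime and five-attempt limit are assumed policy values, not anything the post specifies.

```python
"""Server side of a one-time-code second factor: issue a short code, verify it once."""
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 300   # assumed policy: code is valid for five minutes
MAX_ATTEMPTS = 5         # assumed policy: give up on the code after five wrong guesses


class OneTimeCodeStore:
    """Holds the pending code per user; a real deployment would keep this in a database."""

    def __init__(self, clock=time.time):
        # clock is injectable so expiry can be tested without sleeping
        self._clock = clock
        self._pending = {}  # user -> (code, expires_at, attempts_left)

    def issue(self, user):
        # secrets.randbelow draws uniformly from 0..999999; zero-padding keeps
        # "000123" as a valid and equally likely code.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user] = (code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS)
        return code  # the caller passes this to the SMS gateway

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False  # nothing outstanding for this user
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            # expired or out of guesses: drop it so it can never be retried
            del self._pending[user]
            return False
        # compare_digest only accepts ASCII strings; treat anything else as a miss
        if not submitted.isascii():
            submitted = ""
        # constant-time comparison so response timing does not reveal matching digits
        if hmac.compare_digest(code, submitted):
            del self._pending[user]  # single use: a captured code is worthless afterwards
            return True
        self._pending[user] = (code, expires_at, attempts_left - 1)
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice")
    print("sent to phone:", code)
    print("wrong guess accepted?", store.verify("alice", "000000"))
    print("right code accepted?", store.verify("alice", code))
    print("replay accepted?", store.verify("alice", code))
```

The three checks are what turn a six-digit number into a useful second factor: without the time limit and attempt cap, a million guesses would eventually land; without single use, a code read off a lost phone could be replayed.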

Use phrase-based passwords

Edit in 2020: I made a site for this purpose: classypasswords.com
First read this xkcd: https://xkcd.com/936/
Bottom line is, your password is way less secure than you think it is, but you can easily make a password which is, in fact, very strong.
This site is great for generating short phrases which make good passwords: http://tim.dierks.org/2007/03/secure-in-browser-javascript-password.html
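The xkcd argument is about entropy: a password's strength comes from how many equally likely possibilities an attacker has to try, not from how weird it looks. The following added example (mine, not code from xkcd, classypasswords.com, or the linked generator) draws words uniformly from a list with a cryptographic random source and reports how many bits that buys, so you can compare a four-word phrase against a random eight-character password. The short word list is a constructed stand-in; a real diceware list has 7776 words.

```python
"""Diceware-style passphrase generation with an honest entropy estimate."""
import math
import secrets

# Constructed sample list for the demo; use a published list (e.g. 7776 words) in practice.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "oak", "river", "lantern", "copper",
    "velvet", "meadow", "anchor", "pebble", "orbit", "cactus", "harbor", "ember",
]
PRINTABLE_ASCII = 95  # size of the character set a fully random typed password draws from


def entropy_bits(num_symbols, alphabet_size):
    """Each symbol chosen uniformly from N options contributes log2(N) bits.

    Works for words from a word list and characters from a character set alike;
    the estimate is only valid if every choice is uniform and independent.
    """
    if num_symbols < 1 or alphabet_size < 2:
        raise ValueError("need at least one symbol drawn from at least two options")
    return num_symbols * math.log2(alphabet_size)


def words_needed(target_bits, wordlist_size):
    """Smallest number of words that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(num_words, wordlist=SAMPLE_WORDS, separator=" "):
    """Pick num_words uniformly at random using the OS CSPRNG, never random.choice."""
    if len(set(wordlist)) != len(wordlist):
        # duplicates make some words more likely and quietly lower the real entropy
        raise ValueError("word list contains duplicates")
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    phrase = generate_passphrase(4)
    print(f"{phrase!r}: {entropy_bits(4, len(SAMPLE_WORDS)):.1f} bits from this tiny list")
    print(f"4 words from a 7776-word list: {entropy_bits(4, 7776):.1f} bits")
    print(f"8 random printable characters:  {entropy_bits(8, PRINTABLE_ASCII):.1f} bits")
    print(f"words needed for 80 bits:       {words_needed(80, 7776)}")
```

The takeaway the numbers give: four words from a real list land near 52 bits, about the same as eight fully random characters, and the phrase is the one you can actually remember. The estimate counts only what the generator chose; a phrase you make up yourself is worth less because the words are not uniform.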

Go forth, and be safe!