Maybe I shouldn’t be saying this, but I’ve entrusted a big chunk of my digital life to Google—so much so, in fact, that I’d be in serious trouble if anyone ever hacked my account.

If a hacker did manage to hijack my Google account, they’d have free rein over more than 10 years worth of email, almost all my work files, every address I’ve ever looked up on Google Maps, all my saved Google searches…well, you get the picture.

So, do you have some, most, or all of your personal eggs in Google’s basket, too? If so, you’d be nuts to protect your Google account with little more than a single (and potentially easy-to-crack) password.

The good news is that Google offers a series of tools for beefing up your security—and if you’re smart, you’ll switch on as many of them as you can.

Here’s four essential ways to lock down your Google account, starting with…

1. Set up two-step verification

No matter how strong your Google password is, there’s always a chance (as the recent Heartbleed security bug reminds us) that someone will get their hands on it.

That’s why you should seriously consider turning on an extra layer of password security, especially if you have anything more sensitive than, say, your shopping list stored in Gmail or Google Drive.

Google Authenticator app

If you have “two-step” verification turned on, Google will occasionally ask you for a six-digit security code before unlocking your account.

Here’s how “two-step” verification works: in addition to signing in with your password, Google will periodically ask you for a six-digit security code before unlocking your account.

The ever-changing code gets beamed to your phone via text message or a special Google “authenticator” app.

Now, I admit to an occasional weary sigh whenever Google pops up a security screen asking for yet another six-digit authentication code. (You can, at least, set your PC or Mac to only prompt you for a Google code every 30 days or so.)

That said, it’s comforting knowing that a hacker with your Google password would need to jump through more hoops before unlocking your account—and all your precious data.

Want to turn on two-step verification? Here’s how…

  • Log into Google, click your Google icon in the top-right corner of the page, then click Account.
  • On the next page, click the Security tab, find “2-Step Verification” in the Password section, click the Setup link, then follow the steps.

2. Check your recent activity

Want to find out if anyone other than you has been poking around your Google account?

There’s an easy way to view the most recent activity for your account—including the last several times someone logged in, their approximate location, their IP address, whether they logged in with a Mac or PC, and more.

  • Go back to the Security tab under your Account settings, find the “Recent activity” section, then click the “View all events” link.
  • Check out the list of recent events—and as you do, pay special attention to the map on the right side of the page.
  • See anything suspicious? If so, click the “Change password” and create a new password, pronto.

3. Get a text message whenever there’s “suspicious” activity

Just like your credit card company, Google is constantly checking for “suspicious” activity on your account, such as a changed password or multiple failed login attempts.

Google will send you an email whenever it thinks a stranger is poking around your account. Even better, it can send you a text message—but only if you give it a cell number first.

Here’s what you do…

  • Once again, head for the Security tab in your Account settings, then click the “Edit” link under “Send phone alerts.”
  • Under the “Notifications” heading, click the “Edit” link next to “Phone number.”
  • Enter your number, then click the blue button to get a verification code.
  • Back on the Notifications page, make sure “Phone” is checked as an alert option for both “Password change” and “Suspicious attempt to access account.”

4. Set up a “recovery” phone and email address

So, let’s say a hacker does manage to sneak into your account, or you otherwise find yourself locked out of Google. Now what?

The easiest way to prove that you’re you is to have Google call or text your mobile number—but again, you’ll need to make sure Google has your digits.

You should also supply Google with an alternate email address—you know, one where they can send a link for resetting a lost or stolen password.

  • Once more, click the Security tab in your main Google settings, then click one of the Edit links next to “Recovery phone” and “Recovery email” in the “Recovery & alerts” section.
  • Go ahead and entire the phone number and email address where you’d like Google to contact you in case something happens to your account.
  • All set? Click the blue Save button.

Click here for more Google tips!