Not to megaphone next to that drum that Jim Fallows has been beating, but everyone really should turn on two-step verification for email. I actually did this back when Jim wrote about his wife's account getting hacked, but I cut the verification off because I couldn't get mail on my phone.
There are some situations in which the hardware's or software's setup means that you can't enter both your normal Gmail password and the special 2-step code. For instance: email on most smartphones, or on an iPad. Or for programs like Thunderbird or Sparrow.For these situations, you generate a special kind of password, on a page Google provides for this purpose. It's 16 characters long; it looks like nonsense; and it is something like kxgi jikg avfi dwqi. You copy down this password, and then you enter it -- once -- in place of your normal Gmail password for your smartphone, iPad, etc.From that point on, Gmail recognizes this as a special kind of password, signifying that you're in the 2-step system. If you lost your phone or iPad, someone could get into your email. But, again, you would know that you'd lost that device. And you could go to the Gmail setting page and de-authorize the password you had approved before. Result: as long as you had your iPad or smart phone, you could get into your mail with no hassle. But if they were stolen, you keep keep others from prowling around.