Here are some great tips for protecting your Google account. The ZDNet link at the end of this post provides more detailed information.
STEP 1 – Create a new, strong password. The password should be unique from all other online accounts. If you don’t want to have to remember it, use a password vault application like LastPass. LastPass will also generate crazy strong passwords. Creating a new password helps make sure that you are not accidentally sharing this Google password with other sites.
STEP 2 – Turn on two step or two factor authentication. You can do this via text message but we don’t recommend this. Use an authenticator app like Google Authenticator or Authy. If you use an app then even if your phone number is hijacked, the hacker cannot see your second factor authentication.
STEP 3 – Print out the recovery codes. This allows you to get into your account even if the authenticator app is deleted or stops working. Store these codes securely.
STEP 4 – Add a recovery email address. This will allow Google to tell you if they think your account has been compromised or if you forget your password. You will need two methods to confirm such as one of the recovery codes PLUS a code sent to your recovery email. It is better to make this email address a NON-GOOGLE email.
While nothing is bullet proof, this is probably a lot more secure than what you are doing right now.