Your Google account holds a lot of sensitive information: the emails you send and receive on Gmail, your contacts list (which many synchronize with their phones), the files in Google Docs and Google Drive, the videos you watch on YouTube, etc. This is why taking all the security measures possible is not only advisable but can also prove to be vital. The problem is that all Google's security features and options can get a bit confusing and even hard to use at a certain point, so I will try to help you understand what each of them does and how to use them.
2-Step Verification has been around for quite a while, and if you don't have this feature enabled yet, you really should as it is incredibly useful. Basically, 2-Step Verification will offer you an extra security layer by asking for a numeric code after you type in your email and password. The respective security code will be automatically generated and sent to a phone number that you provide whenever you try to log-in. This means that if anyone gets a hold of your Google password (and trust me it's much easier than you would expect), he/she won't be able to access your account without having your phone as well.
Enabling this feature is very easy. All you have to is log-in using your Google address, then click on the round icon in the upper-right corner (the one with your image or avatar) and select the Account button. Once there, scroll down until you find the 2-Step Verification option and choose to turn it on. Type in your number, select whether you would like to receive text or voice messages and you are done. Furthermore, you can also add a backup number in case something happens to the original phone.
App Passwords is a recent feature designed to give you easier access to Google related apps on your phone without compromising your security. Imagine this scenario: you have the 2-step verification feature enabled, and you try to log-in on Gmail from your phone. In order to see the verification code you will have to exit the Gmail app which automatically restarts the logging-in process and thus gets you caught in a loop. App Passwords will help you avoid this problem: this simple tool will allow you to generate a password that will only work on a specific device. Furthermore, in case you lose the respective phone or tablet, you can easily revoke the access, thus ensuring your privacy.
To access this feature, you have to once again click on the Account button but this time scroll even further down until you find the App Passwords section. Once there, simply select the app that you need access to, then choose a name for the password (you should either select or create a name that tells which device you use it on) and click on the Generate button. Now, simply use the password that you receive (instead of the one you normally use on your Google account) to log into the respective app on your phone.
From what I've noticed, App Passwords is now the only way to log into the Google apps on phones and tablets. (The normal password wouldn't work at all for me when I tried to connect to Gmail or the Play Store on my Android smartphone.)
Another cool thing that not many people know about is the Google Authenticator app. This application, which works on both Android as well as iOS devices, is capable of generating the authorization codes you require in case you have the 2-Step Verification feature turned on. Why would you need such an app? The answer is very simple: in case you have a bad or no signal on your phone, without this app you will be unable to log-in to Google account. This tool will even work if your phone is in Airplane mode. A huge advantage is that you can add multiple accounts, and the app will generate authentication codes for whichever account you are currently using.