Google two-factor authentication sends a text message to your cell phone when a new device logs in to your account. You must enter the six-digit code to log in.

The news accounts of John Podesta's email hack indicate that his password was stolen by a site that impersonated a Google login screen. The link was sent to him in a spearfishing email.

The account didn't say whether or not he had two factor authentication turned on, but he probably did not. If he had turned it on, the hackers would not have gotten the text message with the login code when they used the password the first time. He would have, and would have realized that his account had been attacked and could have taken action before anything was compromised.

Both Google and Facebook have had two factor cell phone based authentication for a few years, and many other services are starting to use it.

Joomla has had two-factor authentication since 3.2; WordPress does not appear to support it as a core function, but does have plugins to support it.

If you haven't enabled two factor authentication on your Google, Facebook and other accounts that offer it, just do it.