Choosing a strong password is fundamental if you want to protect your data and personal information. Especially if what you are protecting is your Internet email address. Malicious users could, not only stole your personal correspondence, but also use your credentials to send spam or viruses to your friends.
Strong passwords usually needs to use special characters, be long and as random as possible. In other words, a strong password has to be difficult to guess. Here you can find a strength test for your passwords.
Protection through single password authentication is not considered secure enough for personal online banking applications. This is why, usually, banks provide security token devices able to create one-time security codes. The need to provide something you know (i.e. your password) plus something you have (i.e. the one-time password created by the security token device) makes the bank much more secure that you actually have the right to access a certain (i.e. your) online bank account.
Why don’t we use this kind of approach also for email accounts? I do really have more valuable things in my email account than in my online banking account (sigh!).
Google provides something similar but easier to use than security token devices. It is called 2-step verification.
In addition to your username and password, you need to enter a code that Google will send you via text or voice message upon signing in.
More information about 2-step verification here.