There are quite a few steps to ensure that your online accounts stay safe, but probably the most important thing you can do is never re-use the same password for two or more accounts.
While it's easy to just remember one set of credentials for all the websites you use, it's also easier for an attacker to compromise a third-party site, which may not have the level of security Google does, and then use the passwords it gathers there to log into Google or other important accounts.
Of course, remembering tens of passwords for different sites is not a viable option either, so Google recommends that you use different passwords for the most important sites, your email accounts, online banking, e-commerce sites and so on.
Also important is to change your password at the first sign of trouble. If you have any suspicion that your account may have been compromised, don't waste any time. Even if it turns out to be nothing, it's better to be safe than sorry.
Of course, doing all of this and then handing out your account details to wrongdoers willingly kind of defeats the whole point, so it's very important to never reveal your password and username to anyone even if they appear to be from a legitimate source.