Google has stepped up its authentication process for Google Apps by announcing plans to add a second verification factor to be sent to users' mobile devices.
Similar to Australian banking services, which have opted for SMS-issued one time passwords over security tokens, Google Apps customers will receive a verification code via SMS, voice calls or an Android, BlackBerry or iPhone application.
"It requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone," Eran Feigenbaum, Google Apps director of security explained on the company's blog.
Google had previously only supported third-party provided two-factor authentication since 2006 via the SAML Single Sign On protocol.
The new service would be activated and managed by a company's Google Apps administrator.
Users could also indicate that a particular machine they have used was not considered trustworthy and cancel it from requesting verification codes in future.
Google said the service would be made available on standard edition Google services, such as Gmail, in the months ahead.
