Aiming to make Google Apps and Google’s version of cloud computing even more attractive to the enterprise sector, Google is rolling out an extra layer of security geared towards easing the concerns of those who have to manage security. In addition to a password, you’ll also need a PIN to access your account, making sign-in a two-step process. This has to be set up by an administrator. After you log in with your password, a PIN is sent to your mobile phone; you enter it to complete the sign-in.
Here’s what the Google Enterprise Blog is saying:
Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they’ll need more than that to access your account. You can also indicate when you’re using a computer you trust and don’t want to be asked for a verification code from that machine in the future.
Administrators for Google Apps Premier, Education, and Government Editions can activate Two-step verification from the English version of the Admin Control Panel now, and Standard Edition customers will be able to access it in the months ahead. Once enabled by their administrator, end users can set it up in the Accounts tab in Gmail settings.
I may be missing something, but this seems to help as long as you’re the one who has your mobile phone. If you’ve lost it or it is stolen, then if whoever has it has access to your password, there is still a potential issue.