Instead of asking clients to create hard to remember passwords or rely on silly quiz’s to authenticate who they are (which hackers can easily obtain through social engineering), Google is instead drafting mobile phones in their war against hackers.
Today we are changing that with the introduction of a more secure sign-in capability for Google Apps accounts that significantly increases the security of the cloud: Two-step verification. […]
Two-step verification is easy to set up, manage and use. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesnâ€™t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS or generated on an application you can install on your Android, BlackBerry or iPhone (coming soon) device. This makes it much more likely that youâ€™re the only one accessing your data: even if someone has stolen your password, they’ll need more than that to access your account. (Google Small Business Blog)
Currently this is limited to Google App users, although Google does plan on rolling this feature out to “the rest of us” (which should help make Gmail more secure).
Even better, Google has announced that they are open sourcing this feature, which means other companies (like Yahoo! and Microsoft) can easily implement it for their own users.
Hopefully Google provides a third option for users who lack a mobile phone (as some people have given up cell phones due to the recession), although for now this feature will hopefully make it harder for hackers to access sensitive accounts.