Good news for those who like the easy accessibility of Google Apps, but not that anyone in the world can also easily access their domain’s sign-on page:
A mobile phone is the main requirement to use the second form of identification. It doesn’t require any special tokens or devices. After entering a password, a verification code is sent to the user’s mobile phone via SMS, voice calls, or generated on an application they can install on their Android, BlackBerry or iPhone device. This makes it much more likely that it is the user accessing the data: even if someone has stolen the password, they’ll need more than that to access the account.