Google's enhanced authentication system uses SMS - and mobile application - based security tokens as
the secondary authentication mechanism, requiring that users couple their password with a secondary PIN received by SMS:
With two factor authentication even if someone has stolen your password, they'll need physical access to
your secondary authentication mechanism's PIN in order to access your cloud - based data.