Companies migrating their e-mail and other cloud services over to Google Apps is becoming an increasingly popular phenomenon, but there have been lingering doubts about whether making such a transition would put company security at risk. After all, there are numerous ways for sysadmins to add extra layers of security for when users check their e-mail from outside the building, but switching everything to Gmail means that everything is left behind a single—and possibly insecure—password.

Google has long been aware of this problem, and now the company is doing something about it. Google announced early Monday the availability of two-step verification, a more secure way for Google Apps users to sign into their accounts. Instead of just relying on a password set by the user, the two-step verification process will force users to log in with something they know (their password) as well as something they have (a PIN number sent to their mobile device).

"After entering your password, a verification code is sent to your mobile phone via SMS or generated on an application you can install on your Android, BlackBerry or iPhone (coming soon) device," Google Apps Director of Security Eran Feigenbaum said. "This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they'll need more than that to access your account."

The feature must be turned on by an administrator—admins for for Google Apps Premier, Education, and Government Editions can activate it now, while Standard Edition customers will be able to do so soon—and certain devices can be authenticated as "trusted" so they only require one step to log in. For example, a company's admin might let you authenticate your home computer as trusted (as it's less likely that your company e-mail will get accessed by a thief), but require your laptop to go through the two-step process, as it's more likely to get lost or stolen.

The feature is meant primarily for the businesses that use Google Apps for their services, but Google says it will eventually be available to all users. Additionally, the company says that the system is built on open standards, and that it will be open sourcing its mobile authentication app "so that companies can customize it as they see fit."