Google is looking to add an additional layer of security to its Google Apps service (which is for business and enterprises not consumers) by blocking unauthorised use of these services. Users of Google Apps will be required to to verify their identity with a SMS if Google detects a suspicious login.
The suspicious login attempt might occur when you attempt to login from a different country for example. Not all users will have signed up for this service i.e providing a mobile number. If you haven’t shared your number with Google, Google will prompt you to share it if a suspicious login is detected. If your mobile phone doesn’t is unavailable due to poor reception then there will be an alternative challenge. I’m not sure what this will be right now. Might be Web based (see bootnote).
Google will send your mobile device a challenge code via SMS to verify that it is you that is attempting to login to one of Google’s Web Apps. For those of you who don’t know, Google Apps comes with a $50 per-person-per-year cost which allows people to use Gmail, Google Calendar, Google Docs, Google Sheets, and Google Slides. Google knows that the personal identifier is the mobile device, so it makes sense to roll out a two factor authentication service for Apps.
This service is expected to roll out over the coming weeks.
Bootnote: If you don’t use Google Apps, then you might use Calendar or Gmail. If you do then you might also be challenged if Google suspects suspicious activity i.e. change in your login location*. https://support.google.com/accounts/answer/1144110?hl=en&ref_topic=2401957 If you have this set up then you should receive a SMS (not a challenge code) which says ‘Google Account <your email address>: Suspicious login detected. See google.com/blocked
*Remember suspicious activity will be detected if you are automatically logged in to a Google service i.e. if you use iCal and sync with Google Calendar for example – will prompt you for a password.