Google has announced that users of its hosted applications will have the option of using two-factor authentication in order make them more secure.

Two-factor authentication requires the user to prove their identity in two ways: through something they know, such as a password, and something they own, such as an ID card or similar device. This reduces the chance of an impostor being able to break into a system.

In Google’s optional two-factor authentication system, the “something they own” will be a mobile phone. When the user enters their password, a verification code will be sent to their mobile, which the user must then enter to gain access to the hosted application.

“This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they’ll need more than that to access your account,” wrote Eran Feigenbaum, director of security for Google Apps, in an official blog post.

Google has taken a number of measures to convince potential customers of the security of its hosted services. In July 2010, the company announced a high-security version especially for US government agencies after the Los Angeles police department cancelled a $7 million contract saying Google was unable to meet its security requirements.

Concerns remain, however. Last week, Google confirmed reports that it had sacked an engineer for illegally accessing private data belonging to users.

Security fears consistently rank as the main reason why organisations chose not to adopt cloud computing services.