June 13, 2014, update: It appears that Google has temporarily rolled back these security changes for M+Google and other SSO-enabled domains. (SSO stands for Single Sign On. M+Google is considered an SSO domain because we use our own U-M Weblogin page to log in via the web rather than using Google's login.)
June 12, 2014: Members of the U-M community are being asked to provide a cell phone number when logging in to M+Google. This is a legitimate request from Google, and members of the U-M community can feel comfortable providing their cell phone number to Google to allow for identity verification if they wish to do so. If they don't provide a phone number, they may be asked for it more than once.
Google is working to enhance security for its login process, and having a cell phone number to use for identity verification is one method Google can use to do this. If Google suspects that someone other than the account holder is trying to log in to an account, it can send a text message to the cell phone on record with a verification code and require that the code be entered to complete the login process. This can help prevent an attacker who has stolen a password from getting into an account.
Providing a phone number is optional. Individuals may skip this step if they prefer that Google not contact them in this way.
If an individual does not provide a cell phone number, or does not have a phone capable of receiving text messages, Google will use other identity verification methods if it suspects attempts at unauthorized access.
For more information, see the Google Authentication announcement on google.umich.edu.
Also see this Google support page: Login Challenge for suspicious sign-ins
Google's increased security may also mean that members of the university community will be asked to authenticate (enter their UMICH password) more often when logging in to certain areas of Google. For example, they may be asked to re-authenticate when accessing areas like Dashboard or Account Permissions.