Additional Verification allows you to use your SSO account to access resources that require an extra level of security. The system is similar to those used by many banks when you transfer money from your account online. Additional Verification is invoked by an application when it requires extra assurance that you really are you, perhaps because you are doing something that is of high sensitivity or high importance.
When you try to access something that is protected by this service, you are taken to a page where you can request an SMS text message containing a single use code to be sent to your mobile phone. On receipt of the message you enter this code into our system in a similar fashion to entering your SSO username and password. You are authenticated with higher assurance because the authentication depends on something only you have (your mobile phone) as well as something only you know (your password).
Each SMS code is valid for login for 15 minutes from issue, not from receipt. This means that if it has not arrived 15 minutes after you requested it, then it will not be valid and you will need to restart the login process. This should be an extremely rare event.
In the future, alternative methods of Additional Verification may be added that might use something other than a text message to your mobile as the additional step.