The problem with a hardware token security is that it relies on every user having one or not leveraging the security. That's something that can be difficult for an IT department to coordinate across an organization, thus would be herculean for a Google scale company to legislate across its user base.