Google is changing how you login to your account and making it safer. For many years, we have relied on SMS text messages for security codes to authenticate identity which is not the best idea. Google is now ready to ditch SMS-based two-factor authentication (2FA) for Gmail users and opt for a new feature that can eliminate the risk of intercepted or stolen codes. In recent years, code-generating apps and even app-less methods of two-factor authentication have become commonplace as the tech industry is slowly moving away from passwords to passkeys.
As per a report by Forbes, the tech giant is replacing it with QR code verification. The move, expected to roll out over the coming months, is aimed at enhancing security and reducing the increasing abuse of SMS verification systems associated with phishing attacks and SIM-swapping fraud.
In a conversation with Forbes, Gmail spokesperson Ross Richendrfer said, “Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication."
The company currently uses a six-digit authentication code for SMS verification. With the latest update, Gmail users will need to scan with their smartphone cameras to verify their identity. Richendrfer explained, “Over the next few months, we'll be reimagining how we verify phone numbers. Specifically, instead of entering your number and receiving a 6-digit code, you will see a QR code being displayed, which you need to scan with the camera app on your phone."
According to Richendrfer, SMS codes present numerous security challenges, like they can be phished, people don’t always have access to the device the codes are sent to, and they're reliant on the security practices of the user’s carrier. “If a fraudster can easily trick a carrier into getting hold of a user's phone number, any security value of SMS goes away." Richendrfer said.
Swipe Left For Next Video
Giving an example of a relatively new scam called traffic pumping, Google has observed over the last couple of years, “It’s where fraudsters try to get online service providers to originate large numbers of SMS to numbers they control, thereby getting paid every time one of these messages is delivered," Richendrfer highlighted.
As Google moves to strengthen account security, it acknowledges the security vulnerabilities of SMS-based authentication. “SMS codes are a source of heightened risk for users. We are pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity," he concludes.
Latest Blogs

source