Google Doing Away With SMS Codes for Gmail Authentication
Gmail users will soon see a big change in how their accounts are secured and how their two-factor authentication is handled. Google plans to stop sending 2FA codes via text messages to verify Gmail accounts, while security tools (such as Passkeys and QR codes) that users will use to scan with their devices.
Google found that using SMS messaging for 2FA has become increasingly problematic as scammers and fraudsters use the technology to trick user accounts. This news is First reported by Forbes.
Ross Richendrfer, head of public relations at Google, confirmed the report to CNET.
“Just like we want to move past passwords with something like Passkeys, we want to get rid of sending SMS messages for identity verification,” he said.
According to Richendrfer, in the coming months, Google will “reimagine” how the company verifies phone numbers. Gmail and other Google services will transform from six-digit codes on SMS to sending QR codes that users can verify.
The purpose is to eliminate instances of users sharing their SMS code with scammers who cheated on them and eliminate the possible points of phone operators as violations. Google says some scammers use SMS messages for a scam called “traffic pumping” that allows them to pay for SMS messages.
Richendrfer said using QR codes will reduce the risk of phishing, reduce global SMS abuse, and keep users from relying on their phone carriers.
“SMS code is a source of increased risk for users – we are pleased to introduce an innovative new approach to reduce the surface area of an attacker and to keep users safer from malicious activity,” he said.
Gmail also uses other 2FA methods, such as sending users to a Gmail application to verify logins and its own security software, Google Authenticator.
Necessary actions
Google isn’t the only company to leave SMS with 2FA. last year, Evernote deleted SMS from serviceand secure messaging applications Signal deletes it in 2022. X, Apple and Microsoft The user has also been transitioned from the text message. Google has been signaling the transition to SMS Since 2017.
Experts say this move is not surprising and may be necessary for Google.
McAfee online security advocate Amy Bunn told CNET: “Google leaves SMS-based login is a wise security step – while it seems inconvenient at first, McAfee online security advocate Amy Bunn told CNET that this seems to be heading towards a stronger one The necessary steps taken by the protection of the
“Network Ruker can hijack phone numbers through sim-swapping, intercept security codes, and even keep people from having their accounts shut out,” Bunn said. “That’s why more companies, including Google, are moving to safer logins.” Methods such as Passkeys and Authentication Apps. ”
Rob Allen, chief product officer at security firm Thrantlocker, said two-factor authentication SMS is probably the least popular 2FA (process). Although having is definitely better than having one without 2FA, it is certainly the least safe. “
Using the Authenticator app on your phone is a secure way to use two-factor authentication, Allen said.
He added: “It’s great to see the company moving towards a safer environment.”
