Google Replacing SMS With QR Codes for Gmail Authentication
Soon, you’ll see a big change in how your Gmail account is secured and how two-factor authentication logins are. Google has said it plans to stop sending 2FA codes via text messages to verify Gmail accounts, which will benefit security tools like Passkeys and QR codes you will use to scan your device.
Google says 2FA’s SMS messaging has become increasingly difficult because Forbes reported earlieras scammers and fraudsters use technology to trick user accounts.
Ross Richendrfer, head of public relations at Google, confirmed this to CNET. He said Google will “reimagine” how companies verify phone numbers. Gmail and other Google services will transform from a six-digit code on SMS to sending QR codes that users can verify.
“Just like we want to move past passwords with something like PassKeys, we want to get rid of sending SMS messages for identity verification,” Richendrfer said.
The goal is to eliminate instances where users share their SMS code with scammers who deceived them and eliminated the phone operator as a possible point of violation. Google says some scammers use SMS messages for a scam called “traffic pumping” that allows them to pay for SMS messages.
Richendrfer said using QR codes will reduce the risk of phishing, reduce global SMS abuse, and keep users from relying on their phone carriers.
“SMS code is a source of increased risk for users – we are pleased to introduce an innovative new approach to reduce the surface area of an attacker and keep users safer from malicious activity,” he said.
Gmail also uses other 2FA methods, such as sending users to a Gmail application to verify logins and its own security software, Google Authenticator.
Necessary measures for safety
Google isn’t the only company to leave SMS with 2FA. last year, Evernote deleted SMS from serviceand secure messaging applications Signal deletes it in 2022. X, Apple and Microsoft The user has also been transitioned from the text message. Google has been signaling the transition to SMS Since 2017.
Experts say this move is not surprising and may be necessary for Google.
“Google’s departure from SMS-based login is a sensible security step – while it seems inconvenient at first, McAfee’s online security advocate Amy Bunn told CNET that this seems to be a necessary step towards stronger protection.
“Network Ruker can hijack phone numbers through sim-swapping, intercept security codes, and even keep people from having their accounts shut out,” Bunn said. “That’s why more companies, including Google, are moving to more secure login methods such as Passkeys and Authentication Apps.”
Rob Allen, chief product officer of security firm Thrantlocker, said two-factor authentication SMS is probably the least popular 2FA (process). While having is definitely better than having someone without a 2FA, it is certainly the least safe. ”
Using the Authenticator app on your phone is a secure way to use two-factor authentication, Allen said.
He added: “It’s great to see the company moving towards a safer environment.”
