Google is officially ending support for SMS-based login codes, Gmail to Replace SMS Authentication a widely regarded weak form of two-factor authentication.

Google is reportedly planning to phase out SMS-based two-factor authentication (2FA) for Gmail in favor of quick response (QR) codes. According to a recent report, the company aims to enhance account security by replacing SMS codes, which are vulnerable to phishing attacks and social engineering scams. Malicious actors often deceive users into sharing their login codes, compromising the effectiveness of the existing 2FA system. While SMS-based authentication remains widely used across various platforms, Google’s move to QR codes is expected to provide a more secure and reliable verification method for users.

Gmail to Replace SMS Authentication Codes with QR Codes for Enhanced Security

Google is set to phase out SMS-based authentication codes in favor of QR codes, aiming to improve security and combat SMS abuse, according to a report by Forbes. Currently, users receive a six-digit code via SMS as part of two-factor authentication (2FA) after entering their password. This method, introduced in 2011, was Google’s first form of 2FA, but the company has since developed more secure alternatives.

In the coming months, Gmail users will no longer receive SMS authentication codes. Instead, they will be prompted to scan a QR code using their smartphone’s camera app to verify their login. Google believes this new authentication method will offer a more secure and reliable way to confirm a user’s identity after entering the correct password.

SMS codes pose a significant security risk for users, and we’re excited to introduce an innovative approach that reduces the attack surface and enhances user safety against malicious threats,” Gmail spokesperson Ross Richendrfer stated on Sunday.

Relying on SMS-based two-factor authentication (2FA) comes with several vulnerabilities—scammers can deceive users into revealing their SMS codes or execute “SIM swapping” attacks to hijack phone numbers. Following in the footsteps of X (formerly Twitter), Google is also intensifying efforts to combat SMS fraud, where scammers manipulate companies into sending text messages to specific numbers, profiting from each message delivered.

Google currently offers users the option to receive verification codes via a phone call instead of SMS. However, it remains unclear whether this feature will also be discontinued. Typically, Google prompts users with a login notification on their smartphones as a form of multi-factor authentication (MFA), allowing them to simply tap a button to complete the login process. Additionally, Google supports time-based one-time passwords (TOTP), which can be used with password managers or authentication apps like Google Authenticator.

Google is replacing Gmail’s SMS authentication with QR codes

Google to Replace SMS-Based 2FA Codes with QR Codes for Enhanced Security

Google is set to phase out six-digit authentication codes sent via SMS as a two-factor authentication (2FA) method for Gmail, according to a report by Forbes. Instead, the company will introduce QR codes over the next few months to strengthen account security and reduce the widespread abuse of SMS-based authentication.

Gmail spokesperson Ross Richendrfer explained to Forbes that SMS verification codes have historically helped Google confirm user identities and prevent criminals from mass-creating Gmail accounts for spamming and malware distribution. However, despite being more secure than having no 2FA at all, SMS authentication comes with its own vulnerabilities.

Why Google Is Moving Away from SMS-Based 2FA

One major concern is that hackers and fraudsters can deceive users into revealing their SMS authentication codes through phishing or social engineering tactics. Additionally, users may not always have access to the device receiving the codes, making the process inconvenient at times. The security of SMS-based authentication also depends on mobile carriers, some of which may be susceptible to fraud, such as SIM-swapping attacks that allow scammers to take control of a user’s phone number.

Another reason for the shift is to combat a rising scam known as traffic pumping or toll fraud. This scam involves fraudsters tricking service providers into sending large volumes of SMS messages to numbers they control, generating revenue from each successfully delivered message. By eliminating SMS-based authentication, Google aims to reduce such fraudulent activity.

How QR Code-Based Authentication Will Work

Once the change is implemented, users attempting to verify their phone numbers or access their accounts will no longer receive a six-digit SMS code. Instead, Google will display a QR code, which users can scan using their smartphone’s camera app.

This method removes the risk of users being tricked into sharing security codes and eliminates vulnerabilities tied to mobile carriers, such as SIM swapping. By shifting to QR-based verification, Google enhances both security and user convenience, making account authentication more reliable and resistant to cyber threats.

The transition to QR code authentication represents another step in Google’s ongoing efforts to improve online security and protect users from evolving cyber risks.

Conclusion

Google’s decision to replace SMS-based authentication with QR codes is a significant step toward improving online security. With cyber threats on the rise, this shift ensures better protection against phishing, SIM swapping, and unauthorized access. While some users may take time to adapt to the new system, the long-term benefits of enhanced security and ease of use make it a welcome upgrade. As digital security continues to evolve, other platforms may follow suit, making SMS-based authentication a thing of the past.

Read Also…… Internet shutdowns in 2024

Tags: Gmail QR Codes SMS technews technology