Google intends to gradually remove two-factor authentication (2FA) for Gmail users that relies on SMS.
Instead, QR code verification will be used as the new authentication method.
Google To Replace SMS-based Two Factor Authentication With QR Codes
The goal of this modification is to increase security and lower the risks of phishing and SIM-swapping fraud.
Currently, after entering their password, Gmail users receive an SMS with a six-digit authentication code.
Despite more secure alternatives, SMS-based authentication, which was first used in 2011, is still widely used.
Users will need to use the cameras on their smartphones to scan a QR code in order to confirm their identity under the new system.
SMS-based two-factor authentication is becoming more and more susceptible to phishing scams and SIM-swapping attacks.
In order to intercept verification codes, SIM-swapping attacks entail moving the victim’s phone number to a different SIM card.
Hackers also use phishing attacks to fool users into disclosing their one-time SMS codes.
Google Not The First Company To Stop SMS Authentication
X (formerly Twitter) has already abandoned SMS authentication, so Google is not the first company to do so.
SMS-based 2FA is unreliable since hackers take advantage of telecom flaws to profit from automated text message verifications.
Although a formal rollout date has not been announced by Google, the change is anticipated to occur in the upcoming months.
Google already provides a number of additional safe login methods in addition to QR codes.
On a registered device, Google Prompts lets users approve or reject login attempts through a pop-up notification.
For extra security, time-based one-time passwords (TOTP) are generated by authenticator apps such as Authy and Google Authenticator.
The best level of security is offered by physical security keys like YubiKey.
Some users currently prefer phone calls to SMS for authentication, but it’s unclear if Google will stop using these as well.
Google is set to establish its first physical stores outside the United States, with planned locations in New Delhi and Mumbai. This marks a strategic shift as Google aims to strengthen its foothold in India’s growing premium smartphone market, where it competes with Apple.
