Gmail Is Ditching SMS Authentication For QR Codes: What You Need To Know

hero google sms authentication stops qr code

Security measures are constantly being improved to ensure updated protection for users. As a result, Google has now disclosed that it is making plans to phase out SMS security authentication for Gmail logins. No small deal, it’s estimated that there are close to 2 billion Gmail accounts.

As the threat of malicious actors grows, the tech industry is actively developing advanced security solutions to protect users. This trend is reflected in the gradual shift from passwords to passkeys, which is fueled by the need for greater security and enhanced digital experiences, as well as the anticipated replacement of SMS security authentication with QR codes.

According to Google, SMS verification serves two key functions: enhancing security and managing abuse. However, this tool appears to be ineffective in handling these concerns.

In an exclusive disclosure to Forbes’ Davey Winder, Google’s Ross Richendrfer and Kimberly Samra revealed Gmail’s plan to replace SMS authentication. The change is driven by security risks associated with SMS, such as spoofing, device access limitations, and reliance on carrier security. If a hacker compromises the carrier, user information is easily obtained, negating the code’s purpose.

Furthermore, Google has documented extensive criminal exploitation of SMS authentication measures. This exploitation involves the generation of substantial artificial traffic by malicious actors who deceive corporate entities into remitting payment for unsolicited SMS messages delivered to phone numbers under their control.

body google sms authentication stops qr code   

What will the change introduce? According to Richendrfer, users will now use their phone’s camera to scan a QR code instead of receiving an SMS text message with a verification code.

Although the launch date is yet to be revealed, Google expects this change to strengthen security by making it more difficult for hackers to breach user accounts and systems.