Google is planning to phase out SMS codes for verifying identity when accessing Gmail. The company acknowledged that traditional two-factor authentication through SMS is susceptible to phishing attacks, telecom operator vulnerabilities, and fraud, and has decided to implement a more secure method utilizing QR codes instead.
Gmail’s spokesperson, Ross Redfer, stated that Google is aiming to transition to more modern security measures such as Passkeys while gradually phasing out outdated methods. The primary objective is to mitigate the impact of SMS abuse on user security.
Currently, Google utilizes SMS codes for two purposes: verifying identity and deterring abuse. The former ensures that the account is still being accessed by the rightful user, while the latter helps prevent mass creation of fake accounts for spam and malicious activities.
Unfortunately, SMS codes are frequently targeted by scammers who intercept them or engage in fraud to gain access to victims’ accounts. Criminals also exploit tactics like “traffic wrapping” to send mass SMS messages from controlled numbers for financial gain.
By replacing SMS codes with QR codes, Google aims to significantly reduce phishing risks, as users will no longer receive easily compromised 6-digit codes. This transition also decreases reliance on mobile operators, enhancing the overall security of the authentication process.
In the coming months, Gmail users can expect to see changes when logging into their accounts. Instead of entering a number and receiving an SMS code, a QR code will be displayed on the screen for scanning using a smartphone camera.
This move aligns with the broader technological industry trend of moving away from unreliable authentication methods like passwords and SMS codes in favor of biometric measures, cryptographic keys, and other advanced solutions.
While specific launch dates for the new system within Google have not been announced, the company reassured users that significant progress is being made in this direction. An official announcement regarding the changes to Gmail authentication is expected in the near future.