Google has announced plans to phase out SMS-based verification codes for Gmail authentication, transitioning instead to QR code-based verification, Forbes is reporting.
This initiative aims to address the inherent vulnerabilities associated with SMS authentication and to combat fraudulent activities exploiting Google’s messaging services.
Ross Richendrfer, a spokesperson for Gmail, emphasized the company’s commitment to advancing security measures: “Just as we are moving beyond passwords with the adoption of passkeys, we intend to eliminate SMS messages for authentication.”
Currently, Google employs SMS verification for two primary purposes: confirming user identity and preventing misuse of its services. However, SMS-based codes are susceptible to various security threats, including phishing attacks and social engineering tactics that can compromise user accounts.
Additionally, the reliance on mobile carriers’ security practices introduces another layer of vulnerability. Richendrfer noted that if a malicious actor deceives a carrier into transferring a user’s phone number, the protective value of SMS codes is effectively nullified.
Beyond these security issues, SMS verification has been exploited in fraudulent schemes such as “traffic pumping” or “toll fraud.” In these scams, cybercriminals prompt service providers to send numerous SMS messages to numbers under their control, profiting from each message delivered.
To counter these challenges, Google plans to implement a QR code-based verification system in the coming months. Instead of receiving a six-digit code via SMS, users will be presented with a QR code during the authentication process. Scanning this code with a smartphone’s camera app will complete the verification.
By embracing QR code-based authentication and passkeys, users can significantly enhance the security of their accounts, protecting personal information from potential threats.
Google is encouraging the users to stay informed about these upcoming changes and adopt the new verification methods as they become available.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
Such woke and AI generated language, Usman.
Google already implemented recently an OTP to be used on another advice which has been problematic. This QR code nonsense just adds to it. Let's see how long before there will be a serious backlash. Then again, Forbes has becoming a jaw dropping clickbait, spam, and unreliable site.
Woke???? Idek where you are getting that from
I couldn't imagine travelling to another country on vacation, trying to log into Gmail today. Everything used to work so seamlessly and now it's just endless security authentication and verification.