Google has announced plans to phase out SMS-based authentication codes for Gmail users, replacing them with QR code-based verification.
The move aims to enhance security by mitigating phishing risks and eliminating vulnerabilities tied to mobile carriers.
Google spokesperson Ross Richendrfer confirmed to Forbes that the company is shifting away from SMS authentication, aligning with its broader goal of moving beyond traditional passwords. “Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication,” Richendrfer stated. The change comes as SMS codes continue to be exploited in various cybercriminal activities, including phishing attacks and fraudulent schemes like “traffic pumping,” where attackers profit from artificially generated SMS messages.
Currently, Google uses SMS authentication codes for two main purposes: verifying user identity and preventing abuse. The latter includes stopping fraudsters from creating massive numbers of Gmail accounts for spam and malware distribution. However, SMS-based authentication has long been criticized for its security shortcomings, including susceptibility to phishing attacks and SIM-swapping schemes, where attackers trick mobile carriers into transferring a victim's phone number to their own device.
Gmail, which has over 1.8 billion active users worldwide, plays a critical role in personal and business communication. The service is frequently targeted by cybercriminals using phishing emails, credential theft scams, and other attack methods. By replacing SMS authentication with QR codes, Google aims to provide a more secure and phishing-resistant method of verifying users. According to Richendrfer, the new approach will require users to scan a QR code displayed on their login screen using their smartphone's camera app, rather than manually entering a six-digit code sent via SMS.
The shift to QR code authentication offers two key security benefits:
- It removes the risk of users unknowingly handing over authentication codes to attackers in phishing scams.
- It reduces reliance on mobile carriers, which have varying levels of security and are often targeted in SIM-swapping fraud.
While Google has not provided a specific timeline for implementing these changes, the company has hinted at more updates in the coming months.
Meanwhile, if you're looking for secure email services that also respect user privacy, you should consider this list of the 10 best, as evaluated by our editors earlier this month.