Google Announces End of SMS Code Authentication for Gmail

Short Message Service (SMS) will no longer be used by Google for Gmail authentication; instead, users will only be able to use passkeys and QR codes, as confirmed by Google.

All of this follows the computer industry’s trend towards using biometric login solutions, such as passkeys, rather than passwords.

Applications that generate codes and even methods that don’t require applications for two-factor authentication have recently emerged as industry standards; these alternatives to SMS authentication are significantly more secure.

Ross Richendrfer, a representative for Gmail, made the confirmation in an interview with Forbes, saying, “Just like we want to move past passwords with the use of things like passkeys. we want to move away from sending SMS messages for authentication.”

Richendrfer claims that Gmail users would also gain from a shift to QR code verification alone since it would lessen the effect of the widespread worldwide abuse of text messages.

Unfortunately, SMS verification is currently inadequate and has resulted in numerous cases of unsuspecting people falling for phishing scams and junk email.

Two main functions, security (to make sure the same user is logging in) and abuse management (to prevent fraudsters from abusing the service), are provided by SMS verification.

Unfortunately, the scammers have managed to breach the communication service and use vulnerabilities to execute their phishing schemes. This is mainly due to the fact that individuals are dependent on the security procedures of their respective carriers and may not always possess the physical equipment that receives the codes.

“If a fraudster can easily trick a carrier into getting hold of someone’s phone number, any security value of SMS goes away,” Richendrfer said.

QR Code-Based Verification

Due to the security risks associated with SMS, Richendrfer pointed out that Google will soon switch to Gmail authentication by QR codes, which users will need to scan with their mobile devices.

“Over the next few months, we will be reimagining how we verify phone numbers, Specifically, instead of entering your number and receiving a 6-digit code, you’ll see a QR code being displayed, which you need to scan with the camera app on your phone,” the Gmail Spokesperson added.

“SMS codes are a source of heightened risk for users. We are pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity. Look for more from us on this in the near future.”

Since Gmail users won’t be able to share their security codes with a threat actor, phishing scams will be significantly reduced due to the exclusive usage of QR codes.