SMS-based authentication codes have long been a necessary evil—better than nothing, but far from ideal. Now, Google is officially moving to phase them out for Gmail users, replacing them with QR codes. This change aims to enhance security and curb rampant SMS abuse, as confirmed by Gmail spokesperson Ross Richendrfer to Forbes.
In This Article
Why Is Google Abandoning SMS for Authentication?
The vulnerabilities of SMS codes are well-documented:
- Easy to Phish: Hackers can trick users into revealing their security codes.
- Carrier Dependency: A fraudster can hijack a phone number through SIM swapping.
- Device Restrictions: Users may not always have access to the device receiving the SMS.
- Fraudulent Schemes: Cybercriminals exploit SMS verification for scams like traffic pumping, where they generate large volumes of verification messages to numbers they control, profiting from each delivery.
Google has acknowledged these risks and is opting for a more secure, phishing-resistant method: QR codes.
Read Also: Top 6 ways to scan any QR code on your Android smartphone (2024)
How Will Gmail’s QR Code Authentication Work?
Instead of entering a phone number and waiting for a 6-digit code, Gmail users will see a QR code on their screen during login. They’ll scan it with their smartphone camera, eliminating the need for an SMS message altogether.
The Benefits of QR Code Authentication
- Reduces Phishing Attacks – With no code to intercept, hackers can’t trick users into revealing anything.
- Less Reliance on Mobile Carriers – It removes the risk of SIM-swapping and fraudulent number takeovers.
- More Seamless Login Experience – Scanning a QR code is often quicker and more reliable than waiting for an SMS.
Read Also: How to protect your iPhone against SMS phishing scams
What’s Next?
Google has not provided an exact rollout date, but the transition is expected to take place over the coming months. The company is actively working to refine authentication methods, aligning with its broader push toward passkeys and biometric security.
While QR codes may not be everyone’s favourite, this move is a major step toward stronger security. SMS authentication has served its time, but its vulnerabilities make it increasingly untenable. Google’s shift to QR codes could set a precedent for other tech giants to rethink their authentication strategies.
