TechRadar
Benedict Collins

Google is ditching SMS - and will now use QR codes for Gmail account authentication

Isometric demonstrating multi-factor authentication using a mobile device.

  • Google is removing SMS messages as an authentication option
  • It will be replaced with on-screen QR codes
  • Removing SMS authentication reduces the risk of phishing and fraud

Google is officially moving away from using SMS messages for Gmail account two-factor authentication.

Gmail spokesperson Ross Richendrfer told Forbes, “we want to move away from sending SMS messages for authentication” to “reduce the impact of rampant, global SMS abuse.”

SMS authentication codes can be easily intercepted by hackers simply by porting your phone number to a new device - just one of the many security issues plaguing SMS messages for authentication.

QR codes to replace Gmail SMS authentication

Google will instead introduce on-screen QR codes that will have to be scanned with your chosen authentication device in order to verify that it is actually you trying to log in. This potentially adds an extra layer of biometric security for those who use a facial recognition or fingerprint scan to access their device or applications.

QR codes will also solve two other concerns related to SMS authentication methods. The first is that QR codes are more phishing-resistant, as there will no longer be a security code to share with an attacker. The second is that authentication will no longer rely on the phone service provider’s abuse and fraud protections.

Authentication will still rely on the user having access to their mobile device, but the change removes a significant amount of the risk of abuse. For Google, it is also a win, as it cuts down on threat actors being able to run ‘traffic pumping’ campaigns.

In these campaigns, criminals abuse online service providers to generate a huge number of SMS messages to phone numbers they control, allowing them to generate revenue through access charges and intercarrier compensation.

In the future, Google hopes to move to a fully passkey-supported authenticator system, but the move from passwords to passkeys hasn’t been as fast as Google had hoped, despite its best efforts to convince users to make the switch.
