Highlights
- Google plans to replace SMS-based authentication for Gmail with QR codes.
- The aim is to improve security and tackle SMS-related fraud as revealed by a Forbes report.
- SMS authentication has several risks including phishing attacks, device accessibility issues and carrier vulnerabilities.
- QR codes are expected to offer better phishing protection and less dependence on mobile carriers.
Google is reportedly planning to replace SMS-based authentication for Gmail with QR codes to improve security and tackle SMS-related fraud. A report by Forbes’ Davey Winder based on their discussions with Google insiders claims the SMS codes are being dropped.
SMS authentication has been widely used, but it has several security flaws. Gmail spokesperson Ross Richendrfer explained, “Just like we want to move past passwords with passkeys, we want to move away from sending SMS messages for authentication.”
“Over the next few months, we will be reimagining how we verify phone numbers,” Richendrfer told Forbes. “Specifically, instead of entering your number and receiving a 6-digit code, you’ll see a QR code being displayed, which you need to scan with the camera app on your phone,” they added.
Google’s Current Verification Method
Google currently uses SMS verification for two main reasons. One is security as SMSs are used to verify a user’s identity. The other reason is abuse control, which means SMS authentification is to prevent fraudulent Gmail account creation for spam and malware distribution.
However, SMS-based authentication comes with risks including phishing attacks, accessibility issues and carrier hacks. These are as explained below –
- Phishing Attacks – Hackers can trick users into revealing their codes.
- Device Accessibility Issues – Users may not always have access to the phone receiving the SMS.
- Carrier Vulnerabilities – Cybercriminals can deceive mobile carriers into transferring phone numbers, bypassing SMS security.
Another rising threat is traffic pumping also called toll fraud. It is when scammers trick services into sending massive amounts of SMS messages to numbers they control profiting from each message.
Google To Use QR Codes as the New Authentication Method
To counter all the above-mentioned risks, Google seems to be planning to introduce QR code-based authentication in the coming months. Instead of receiving a 6-digit SMS code, users will scan a QR code with their phone’s camera.
This change offers two major benefits, which includes –
- Better Phishing Protection – Without a fixed code, hackers have nothing to steal.
- Less Dependence on Mobile Carriers – This eliminates the risk of SIM-based fraud.
Richendrfer noted, “SMS codes are a source of heightened risk for users. We’re introducing an innovative approach to shrink the attack surface and keep users safer.”
Google hasn’t given an exact launch date for this update, but more details are expected soon. FoneArena report notes that this change in authentication method aligns with Google’s broader move toward more secure authentication methods such as passkeys and biometrics.
FAQs
Q1. What authentication method is Google planning to replace for Gmail?
Answer. Google is planning to replace SMS-based authentication for Gmail with QR codes to improve security and tackle SMS-related fraud.
Q2. What are the security flaws associated with SMS-based authentication?
Answer. SMS authentication has risks including phishing attacks, device accessibility issues and carrier vulnerabilities such as SIM-based fraud.
Q3. How will QR codes benefit Gmail authentication?
Answer. QR codes offer better phishing protection and reduce dependence on mobile carriers, eliminating the risk of SIM-based fraud.
Q4. Has Google provided a launch date for the QR code-based authentication update?
Answer. No, Google hasn’t given an exact launch date for the QR code-based authentication update but more details are expected soon.
Also Read: Google Wallet New QR Barcode Feature