Google Might Ditch SMS-Based Two-Factor Authentication For Gmail & Replace It With QR Code Authentication

Google is reportedly planning to discontinue support for SMS-based two-factor authentication (2FA) for Gmail. Instead, the company is expected to introduce QR codes as an alternative to the SMS codes currently sent to users. This change aims to enhance account security, as cybercriminals often exploit SMS-based authentication by deceiving users into revealing their login codes.

While SMS 2FA remains widely used across multiple platforms, it has long been considered vulnerable to phishing and other forms of attack.

ALSO READ | Nothing Phone 3a Vs Nothing Phone 3a Pro: How Will Nothing's Upcoming Flagships Stack Against Each Other? Find Out

Gmail To Replace Eliminate SMS Authentication Codes?

According to a Forbes report, Google will implement QR codes as a substitute for SMS-based authentication codes in the coming months. Currently, users receive a six-digit verification code via SMS, which must be entered after submitting the correct password to access their Google account. Introduced in 2011 as the first 2FA method by the company, SMS verification has since been supplemented by more secure authentication options.

Once SMS-based 2FA is phased out, Gmail users will be required to scan a QR code using their smartphone’s camera to complete the login process. Google asserts that this transition will provide a more secure authentication method, reducing the risk of unauthorized access after password entry.

"SMS codes pose a significant security risk for users. We’re excited to introduce a more advanced authentication system to minimize attack vectors and better protect users from fraudulent activity," Gmail spokesperson Ross Richendrfer told the publication on Sunday.

SMS-based 2FA is susceptible to various security threats, including scams where attackers manipulate users into revealing their authentication codes. Additionally, "SIM swapping" attacks allow hackers to gain control of a user's phone number, further compromising security. Following the approach taken by X (formerly Twitter), Google aims to mitigate risks associated with SMS fraud, where scammers exploit companies to generate text messages for financial gain.

Currently, Google offers an alternative option that allows users to receive verification codes through a phone call rather than SMS, though it is unclear if this feature will also be discontinued. In addition to QR code-based authentication, Google provides other multi-factor authentication (MFA) options, such as login prompts on registered smartphones and time-based one-time passwords (TOTP) through password managers or apps like Google Authenticator.