Google is taking a big step to improve Gmail security by moving away from SMS-based authentication in favor of QR code verification. According to a report by Davey Winder at Forbes, insider sources say the company plans to phase out SMS two-factor authentication (2FA) due to its long-standing vulnerabilities to phishing, spoofing, and hacking.
Why Is Google Ditching SMS Authentication?
For years, SMS-based 2FA has been one of the weakest links in online security. Hackers have found multiple ways to exploit it, including SIM swapping, phishing scams, and man-in-the-middle attacks that intercept text message verification codes.
To address these risks, Google is introducing a more secure method. Instead of receiving a six-digit code via SMS, users trying to log into Gmail on a new device will be asked to scan a QR code using their smartphone camera. This approach makes it much harder for hackers to gain unauthorized access since they would need physical control of the user’s smartphone rather than just their phone number.
Ross Richendrfer, Head of Security and Privacy PR for Google Workspace, confirmed that the shift to QR codes is coming soon. He explained that this new authentication method will “reduce the phishing risk for Gmail users” and eliminate the security flaws tied to mobile carriers, which have been a major weak point in SMS-based verification.
While Google hasn’t shared an exact timeline for the rollout, Richendrfer hinted that users can “expect more updates in the near future.”