With around 1.8 billion active users, Gmail is the most popular email service globally, and it has long been a pioneer in online security. Google was among the first to make two-factor authentication (2FA) widely accessible to protect user accounts, particularly with the use of SMS-based codes. However, while 2FA itself is a strong security measure, the method of delivering these codes via SMS has significant vulnerabilities.
Hackers have found ways to bypass SMS 2FA through methods like SIM card theft or phishing attacks, which compromises the safety it is meant to provide. This is why Google is now transitioning away from SMS-based authentication and embracing a more secure option: QR codes. According to a report by Forbes, the shift to QR codes will offer a much more secure means of logging into Gmail accounts, leaving SMS codes behind.
In an official statement, Ross Richendrfer, a Gmail spokesperson, explained, “Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication.” This change is part of a broader push to improve user security and prevent exploitation of outdated security measures.
The decision to replace SMS 2FA with QR codes comes in response to the growing abuse of SMS 2FA. SMS-based codes are vulnerable to various attacks, including SIM swapping and phishing, which can provide criminals with access to accounts or even your entire smartphone. This switch to QR codes is a natural step to combat those risks, offering a more reliable and safer authentication method.
As of now, Google has not disclosed specific details on how the new QR code system will function, but it’s expected that users will be able to scan a QR code with a phone or authentication app to complete their login. While the transition is still in the works, Google aims to make this shift over the next few months.
