With over 1.8 billion active users, Gmail is not just the most popular email service globally—Google has been a leader in championing two-factor authentication (2FA) as a means to secure user accounts. However, the SMS-based method of delivering authentication codes is now being reevaluated due to serious security concerns.
SMS 2FA, while widely used, has proven to be vulnerable to attacks like SIM card swaps and phishing, where attackers trick users into giving up their codes. As a result, Google has announced plans to phase out SMS-based authentication in favor of a more secure method: QR codes. According to Forbes, QR codes will soon replace SMS codes as the primary method for verifying users during Gmail logins, marking a significant improvement in security.
Ross Richendrfer, a Gmail spokesperson, remarked, “Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication.” This strategic move highlights Google’s focus on improving online security and staying ahead of evolving threats.
The decision to move away from SMS is a direct response to the growing frequency of SIM-swapping and phishing attacks, both of which put users’ personal information and online accounts at risk. The introduction of QR codes will mitigate these vulnerabilities, offering a much safer alternative for Gmail login processes.
While Google has not provided exact details on how the QR code authentication will work, it’s expected that users will scan a QR code with their phone or authentication app to complete the login process. The exact timeline for this transition is still unclear, but Google intends to roll it out over the next few months.