MUZAFFARABAD (Kashmir English): Google is replacing SMS-based two-factor Gmail authentication with QR codes due to security concerns, aiming to prevent phishing and SIM-swapping attacks in the coming months.
With approximately 1.8 billion active users worldwide, Gmail remains the most widely used email service. Over the years, Google has been at the forefront of online security measures, including the introduction and popularisation of two-factor authentication (2FA).
However, one of the most common 2FA methods, receiving a one-time code via SMS, has increasingly become a security risk. Hackers have found ways to bypass SMS-based authentication through techniques such as SIM card swapping and phishing scams. Recognising these vulnerabilities, Google is now making a significant change to the Gmail login process.
Google intends to terminate SMS-based 2FA authentication for Gmail users. The organization aims to create an extensive deployment of QR codes as its modern authentication protocol.
The Gmail spokesperson Ross Richendrfer declared that Gmail plans to eliminate SMS authentication: “We want to advance beyond passwords by utilizing passkeys so we’re also leaving SMS authentication behind.”
This decision by the company emerged due to rising cybersecurity threats against SMS-based authentication methods. The ease of receiving SMS codes as authentication makes them susceptible to two types of interception attacks involving SIM-swapping schemes and phishing tactics. The security of mobile service providers remains a weak point because their systems are prone to being broken into.
The implementation of QR codes will boost security measures because authentication methods which use QR codes prove stronger against phishing attempts and fraud. Users accessing Gmail through mobile devices or authentication applications will need to verify their identity by scanning a QR code according to likely system specifications.
Google has declared that it will implement the new authentication process throughout the next few months, although a precise schedule has not been disclosed. Users should continue to be cautious about phishing attacks but should consider implementing passkeys as well as app-based 2FA until the transition period is complete.
The transition from SMS-based 2FA reflects Google’s necessary approach to enhance digital security by defending users from growing cyber threats.
