Google is set to phase out six-digit SMS authentication codes and replace them with QR codes for verification, a move aimed at strengthening security measures and reducing the risk of cyberattacks.
The transition is expected to roll out gradually, with full implementation planned by March 26th.
SMS-based authentication has long been used to verify Gmail users and prevent large-scale spam account creation. However, it presents security risks such as SIM swapping attacks, phishing scams, and vulnerabilities tied to mobile carriers. Cybercriminals can trick users into revealing their SMS codes, and mobile carriers’ security policies vary, making it difficult to ensure consistent protection.
Google also aims to tackle a rising scam known as traffic pumping or toll fraud, where fraudsters generate massive numbers of SMS messages to numbers they control, earning money each time a code is sent. By eliminating SMS-based verification, Google is cutting off this exploit, further enhancing account security.
Once implemented, users will no longer receive a six-digit code via SMS to verify their identity. Instead, they will be presented with a QR code, which they can scan using their smartphone’s camera to complete the authentication process. This method eliminates the possibility of users being deceived into sharing authentication codes and removes security threats associated with phone carriers, including SIM swapping.
The shift to QR code-based authentication brings several benefits, including enhanced security, faster verification, and reduced reliance on mobile service providers. Google’s move is part of its broader effort to modernize security practices and minimize risks associated with outdated authentication methods. While SMS-based two-factor authentication remains better than no security at all, Google believes QR codes provide a more robust and reliable solution for users.
