Google is gradually replacing SMS-based six-digit authentication credentials for Gmail with QR codes as a more secure two-factor authentication (2FA) option. According to Gmail spokesperson Ross Richendrfer, the change is anticipated to be implemented over the next several months and is intended to counteract the growing misuse of SMS verification systems.
“Over the next few months, we will be reimagining how we verify phone numbers,” according to sources. “Specifically, instead of entering your number and receiving a 6-digit code, you’ll see a QR code being displayed, which you need to scan with the camera app on your phone.”
Google has a clear explanation for this change. Mobile providers are inevitably involved as middlemen when depending on text messages; thus, SMS-based authentication is susceptible to phishing attacks. Instead of getting a text message under the new approach, customers will use the camera on their smartphone to scan a QR code.
This creates an additional degree of danger since carriers have different security requirements and are not impervious to intrusions. Google wants to improve security while lowering fraud and abuse inside its ecosystem by switching from SMS to QR-based authentication.
Two-Factor Authentication: Why Is QR Code Better?
For a long time, SMS codes have been used to confirm account ownership and stop the bulk creation of phoney Gmail accounts for the propagation of viruses and spam. They do, however, have security flaws, including the ability for hackers to trick users into disclosing their codes and the potential for SIM-swapping attacks to breach accounts.
Furthermore, SMS verification depends on the security protocols of cell carriers, which differ in their efficacy. Phishing efforts against Gmail users are far less successful when there is no code to steal.
A growing scam known as traffic pumping or toll fraud, in which hackers take advantage of SMS-based authentication systems to make money, is another factor that motivated Google’s move. To benefit each time a message is delivered, scammers trick providers into sending verification messages to numbers under their control.
However, the new method, QR codes, removes carrier-based vulnerabilities and the possibility of intercepted or stolen codes.
Gmail spokeswoman Richendrfer acknowledged that SMS-based authentication had security flaws, saying, “SMS codes are a source of heightened risk for users.” The company’s dedication to enhancing security was highlighted by him, who said, “We’re pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity.”
Despite the lack of a specific rollout date, Richendrfer hinted at future developments by stating, “Look for more from us on this shortly.” A lot of users will probably applaud this update as a long-overdue upgrade as Google works to improve account security.
