In a major security upgrade, Google announced plans to phase out SMS-based verification for Gmail accounts in favor of QR code authentication. This change aims to better protect users from account hacks and reduce spam account creation.
Currently, Gmail users receive six-digit codes via text message to verify new logins or account creation. However, SMS verification has become increasingly vulnerable to security breaches. Text messages are transmitted without encryption and can be intercepted through compromised mobile carriers or intermediaries.
One of the biggest risks comes from SIM swap attacks, where criminals convince or bribe carrier representatives to transfer phone numbers to fraudulent devices. This allows attackers to receive verification codes and gain unauthorized access to email accounts, which often serve as gateways to other sensitive accounts.
"Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication," explained Google spokesperson Ross Richendrfer in a statement to Forbes.
The new system will require users to scan a QR code with their phones instead of entering texted codes. This approach eliminates vulnerabilities related to carrier security and makes phishing attempts more difficult, as scammers cannot trick users into sharing QR codes the way they can with SMS codes.
The transition is expected to roll out over the next few months, though specific timing for different markets remains unclear. Users who already employ alternative two-factor authentication methods, such as code generator apps or security keys, will continue using their existing verification methods.
This security update represents Google's ongoing efforts to strengthen account protection as cyber threats continue to evolve and become more sophisticated.