Google has confirmed that it is in the process of eliminating the use of Short Message Service (SMS) for Gmail authentication, with users expected to use QR codes and passkeys exclusively instead.
This move is in line with the tech industry's gradual transition from passwords to passkeys, which use biometrics to secure logins.
Over the past few years, the industry has seen the use of code-generating apps and even app-less approaches to two-factor authentication, which are far more secure than SMS authentication.
Speaking to Forbes, Gmail spokesperson Ross Richendrfer confirmed the change, stating, “Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication.”
According to Richendrfer, the transition to just QR code verification would also offer unique benefits to Gmail users by reducing the impact of rampant global SMS abuse.
Currently, SMS verification is flawed in the role it serves and has constantly led to unwitting users falling for phishing scams and mass spam emails.
SMS verification serves two distinct purposes: security, to ensure that the same user as before is logging in, and abuse control, to ensure fraudsters do not abuse the service.
However, these fraudsters have been able to infiltrate the communication service and find loopholes to carry out their phishing scams. This is mostly because people don’t always have access to the device the codes are sent to, and the codes are reliant on the security practices of the user’s carrier.
“If a fraudster can easily trick a carrier into getting hold of someone’s phone number, any security value of SMS goes away,” Richendrfer said.
This insecurity in the use of SMS is why, Richendrfer noted, Google would be moving exclusively to Gmail authentication using QR codes, which will require users to scan the code with their devices.
“Over the next few months, we will be reimagining how we verify phone numbers. Specifically, instead of entering your number and receiving a 6-digit code, you’ll see a QR code being displayed, which you need to scan with the camera app on your phone,” the Gmail spokesperson added.
“SMS codes are a source of heightened risk for users. We are pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity. Look for more from us on this in the near future.”
With the exclusive use of QR codes, phishing scams will be greatly reduced, as Gmail users are not at risk of being tricked into sharing their security codes with a threat actor: no such code will be available to share.