Google is set to phase out SMS-based authentication for Gmail accounts, replacing it with QR codes as part of its ongoing security enhancements. The company aims to curb phishing attacks and eliminate reliance on mobile carriers for authentication security.
A Google spokesperson, Ross Richendrfer, confirmed the move, stating:
“Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication.”
The shift is expected to roll out gradually over the coming months, reinforcing Google’s commitment to improving user security and reducing widespread SMS fraud.
Why Google is Abandoning SMS Codes for Authentication
For years, SMS-based authentication has been a common method for verifying user identities. However, this approach has several security weaknesses, including:
- Phishing Attacks – Cybercriminals can trick users into revealing SMS codes, granting unauthorized access to their accounts.
- SIM Swapping – Fraudsters can hijack a user’s phone number by manipulating mobile carriers, intercepting verification codes.
- Service Dependence – If a user loses network access or changes their phone number, they may be unable to receive SMS authentication codes.
- Abuse by Fraudsters – Criminals have exploited SMS-based systems by triggering mass authentication requests, generating revenue through fake traffic (a practice known as “traffic pumping”).
Due to these vulnerabilities, Google has been exploring alternative authentication methods, including passkeys, authentication apps, and now QR codes.
How Gmail’s New QR Code Authentication Will Work
Instead of entering a phone number and receiving an SMS code, Gmail users will be presented with a QR code during login. To authenticate, users will need to:
- Open the camera app on their smartphone.
- Scan the QR code displayed on the login screen.
- Confirm their identity using a linked Google account.
This approach significantly reduces the risk of phishing since there is no SMS code that can be intercepted or tricked out of users.
What This Means for Gmail Users
- Enhanced Security – Without SMS codes, attackers have fewer opportunities to intercept authentication credentials.
- Reduced Reliance on Mobile Carriers – Users won’t have to worry about SIM card-related security breaches or service availability.
- Simplified Login Process – QR codes provide a faster, more seamless authentication method.
When Will Google Roll Out This Change?
While an exact timeline has not been disclosed, Google has indicated that the transition will begin in the coming months. Gmail users will receive updates as the feature becomes available.
This shift aligns with Google’s broader strategy to eliminate passwords and replace them with more secure authentication methods, such as passkeys and biometric verification.
Google’s decision follows similar moves by other tech giants, including Apple and Microsoft, who are also working towards passwordless authentication.
For now, Gmail users are encouraged to ensure they have a backup authentication method in place, such as Google Authenticator, to avoid disruptions once SMS codes are phased out.
This update represents a significant step forward in cybersecurity, providing Gmail users with a more secure and phishing-resistant authentication proces.
Armenian Dram
Ghana Cedi
Gambian Dalasi
Guinea Franc
Nigerian Naira
CFA Franc BEAC
