Google is set to remove SMS-based Gmail authentication due to security concerns.
Gmail, the world’s most popular email service, will officially phase out SMS-based two-factor authentication (2FA) in the coming months. This marks a major shift in how Google approaches account security.
This move aims not only to enhance safety but also reflects the modern trend of upgrading data protection measures.
“Similar to how Google is gradually transitioning from passwords to alternatives like passkeys, we want to avoid using SMS for authentication,” said Google.
Google representatives argue that SMS-based authentication presents significant security challenges today. Users do not always have access to the device receiving the SMS code, and the process heavily relies on mobile carriers.
“If a fraudster can trick a carrier into transferring someone’s phone number, the security value of SMS authentication is entirely lost,” Google emphasized.
In the coming months, Google will change how phone-based verification works. Instead of receiving an SMS with a six-digit authentication code, users will see a QR code that they must scan using their phone’s camera.
According to Google, using QR codes for authentication offers two major benefits. First, it reduces the risk of users being tricked into sharing their authentication code with scammers, as there is no text-based code to be intercepted. Second, it eliminates dependence on mobile carriers in most cases.
“SMS codes pose a high security risk for users. We are excited to introduce an innovative approach that limits attackers’ reach and better protects users from harmful activities,” Google concluded.
Google’s decision not only impacts billions of Gmail users but could also trigger a broader shift in the tech industry. Other companies may follow suit, accelerating the phase-out of outdated authentication methods.