Google removes SMS codes to authenticate Gmail

Gmail users will soon see a major change in the way their accounts are secured and how their two -factor authenticated logins are processed. Google plans to stop sending 2FA codes via a text message to check Gmail accounts for the benefit of security tools such as Passkeys and QR codes that users will scan with their devices.

Google finds that using SMS messages for 2FA is becoming more and more problem as fraudsters and scammers use technology to erupt user accounts. The news was First reported by ForbesS

Ross Richendrfer, head of public security and confidentiality on Google, confirmed the report to CNET.

“Just as we want to move past passwords with the use of things like Passkeys, we want to move away from sending SMS messages for authentication,” he said.

According to Richendrfer, in the next few months, Google will “rethink” how the company checks telephone numbers. Gmail and other Google Services will be transferred from text six -digit codes via SMS to sending a QR code that the user will check.

The purpose would be to remove the cases of users who share their SMS code with a fraudster who deceived them and eliminating telephone carriers as a possible violation point. Some scammers, Google says, use SMS messages for fraud called “pump traffic” that allows them to receive pay for SMS messages.

Richendrfer says the use of QR codes will reduce the risks of phishing, reduce global SMS abuse and make users less relying on their telephone carriers.

“SMS codes are a source of increased risk to consumers – we are pleased to introduce an innovative new approach to shrinking the surface for the attackers and to protect consumers more favorable than malicious activity,” he said.

Gmail also uses other 2FA methods such as sending a user to the Gmail app to check input as well as own security software, Google AuthenticatorS

Required

Google is not the only company that moves away from SMS for 2FA. Last year, Evernote removed SMS from its serviceand the secure messaging app The signal removed it in 2022.S X, Apple and Microsoft They have also transferred users from SMS. Google signals a transition away from SMS Since the beginning of 2017S

Experts say this move is not unexpected and is probably necessary for Google.

“Google is moving away from SMS-based input is an intelligent security step-although it may seem inconvenience at first, it is a necessary step towards stronger protection over CNET Amy Bun, an online safety defender at McAfee.

“Cybercrooks can distract phone numbers through SIM change, capture security codes and even lock people from their accounts,” Bun said. “That is why more companies, including Google, are transferred to more forthcoming login methods such as Passkeys and authentication applications.”

Rob Allen, Chief Product Officer of The Security Company Threatlocker, said SMS for two-factor authentication, “probably the least preferred 2FA (process). Although it is definitely better than No 2Fa, this is certainly at least sure.

Alan said the use of an authentic application application on a mobile phone is a much more secure way to use two-factor authentication.

“It’s nice to see companies move to a more secure environment,” he added.