Google has unveiled plans to roll out SMS-based two-factor authentication (2FA) for Gmail users, as growing concerns have been raised over the security threat posed by text message verification. Google has, for a long time, enabled users to protect their accounts through the sending of a code through SMS, but recent security weaknesses have prompted the move towards safer alternatives.
As per a statement by Gmail spokesperson Ross Richendrfer, the move to discontinue SMS support is prompted by the desire to “cut back on the effects of widespread, worldwide SMS abuse.” The company is attempting to rid itself of the threat from criminals who can intercept SMS messages, especially via techniques such as number porting and traffic pumping. Such methods allow hackers to steal text messages or even gain financially from SMS abuse, at the expense of user security.
To take the place of SMS, Google will introduce a more secure solution in the form of QR codes. Users will now scan a QR code using their smartphones to verify their accounts, rather than depending on text messages. Although this solution still insists on users possessing a phone for verification, it greatly improves security by circumventing the risks associated with SMS-based verification.
Though SMS-based 2FA was touted as an advancement over password usage alone, the security weaknesses have grown more apparent. For instance, SMS may be intercepted by bad actors who get mobile carriers to transfer telephone numbers to alternative devices, an activity referred to as “SIM swapping.” Such a weakness has been extensively utilized by criminals victimizing accounts safeguarded by SMS.
The shift to replace SMS with QR code authentication is part of Google’s broader drive towards stronger and more secure authentication. The firm, and other technology leaders, are moving to replace passwords with passkeys, although uptake for the new technology has been slow. In the meantime, QR code authentication provides a more secure, more stable alternative to SMS, while Google works on next-generation security solutions.
This move is a key development in cyber protection, evidencing the heightened necessity for robust security measures to combat increasingly clever online threats.
