With around 1.8 billion active users worldwide, Gmail remains the most popular email service by far. Google was also one of the first to pioneer and popularize two-factor authentication (2FA).
You know those text messages with one-time numerical codes that you need to enter whenever you want to log in? Turns out, while 2FA itself is a great way to protect your online security, the SMS method for delivering codes is not. In fact, hackers can bypass SMS 2FA.
And that’s why Google is changing up the Gmail login process. According to an exclusive report by Forbes, Gmail is dropping SMS-based two-factor authentication in the near future. In its place, we’ll be getting QR codes, which are significantly more secure than SMS codes.
Ross Richendrfer, a Gmail spokesperson, told Forbes:
“Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication.”
This move is meant to curb the impact of rampant SMS 2FA abuse. While SMS codes are convenient, they can be spoofed by criminals who steal your SIM card or stolen via phishing tactics. They’re also at the mercy of your mobile service provider’s own security.
The switch from SMS to QR codes makes sense given the security concerns surrounding SMS 2FA codes. In addition, it’s common for phishing attempts to not only aim to take over email accounts but also gain access to your entire smartphone.
Unfortunately, Google hasn’t provided any specifics on how the new QR code logins will work. Presumably, Gmail will provide you with a QR code to scan using your phone or some other authentication app. We also don’t know exactly when the transition will take place. According to Google, they want to work on this “over the next few months.”
Further reading: Simple tips to make Gmail even more secure
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
