Gmail users will soon see a major change in the way their accounts are secured and how they are dealt with with their two-factor authenticated logins. Google plans to stop sending 2FA codes through a text message to check Gmail accounts in favor of security tools, such as Passkeys and QR codes that users would scan with their devices.
Google reveals that the use of SMS messages for 2FA has become problematic because fraudsters and fraudsters use technology to deceive customer accounts. The news was First reported by Forbes.
Ross Richenderer, public relations chief of security and privacy at Google, confirmed the report to CNET.
“Just as we want to move passwords by using things such as Passkeys, we want to get away from sending SMS authentication,” he said.
According to Richendrfer, in the next few months, Google will “rethink” as the company confirms the phone numbers. Gmail and other Google services will switch from six-digit codes through SMS messages to sending a QR code that the user would confirm.
The goal would be to eliminate examples of users who share their SMS -cheated cheat that cheated and eliminating telephone carriers as a possible point of breach. Some fraudsters, Google says, use SMS for fraud called “traffic pump” that allows them to pay for SMS.
Richendrfer says the use of QR -codes will reduce the risks of phishing, reduce global SMS abuse and make users less relying on their phone carriers.
“SMS Codes are a source of increased risk for users – we are pleased to introduce an innovative new approach to reducing the attackers and keeping users safer than malicious activity,” he said.
Gmail also uses other 2FA methods, such as sending a Gmail application user to confirm the login as well as its own security software, Authenticator Google.
Necessary move
Google is not the only company that moved from SMS to 2FA. Last year, Evernote remove SMS from its serviceand the app for secure messages The signal removed it in 2022. X, apple and Microsoft We also transferred users out of SMS. Google signals transition from SMS As early as 2017.
Experts say the move is not unexpected and is probably necessary for Google.
“Google departs from SMS-based announcements is a smart security step-and although it may seem like any inconvenience, it is a necessary step towards stronger protection,” said Amy Ban, an internet security agent in McAfi, for CNET.
“Cyber-groups can kidnap phone numbers through a SIM exchange, intercept security codes, and even lock people out of their accounts,” Ban said. “That is why more companies, including Google, are moving to safer logging methods such as Passkeys and authentication applications.”
Rob Allen, the chief product officer at the security company DECARDLOCKER, said that SMS for two factors authentication, “is probably the least preferred 2FA (process). Although it is definitely better to have from No 2FA, it is certainly the least safe. “
Allen said using an application for an authenticator on a mobile phone is a much more safe way to use two factors authentication.
“It is good to see companies moving to a more secure environment,” he added.