You will soon see a big change in the way your Gmail account is secured and the announcement of two factors authenticated. Google said it plans to stop sending 2FA codes through a text message to check Gmail accounts in favor of security tools such as Passkeys and QR codes you would scan with your device.
Google says SMS messages for 2FA have become increasingly problematic, as previously reported by ForbesBecause fraudsters and fraudsters use technology to deceive user accounts.
Ross Richenderer, head of security and privacy in Google, has confirmed this at CNET. He said Google would “re -examine” how the company confirms the phone numbers. Gmail and other Google services will switch from six-digit codes through SMS messages to sending a QR code that the user can confirm.
“Just as we want to move passwords using things like Passkeys, we want to get away from sending SMS authentication,” Richardfer said.
The goal is to eliminate examples of users who share their SMS -code with a cheat that deceives and eliminate telephone carriers as a possible point of breach. Some fraudsters, Google says, use SMS for fraud called “traffic pump” that allows them to pay for SMS.
Richendrfer says the use of QR -codes will reduce the risks of phishing, reduce global SMS abuse and make users less relying on their phone carriers.
“SMS Codes are a source of increased risk for users – we are pleased to introduce an innovative new approach to reducing the attackers and keeping users safer than malicious activity,” he said.
Gmail also uses other 2FA methods, such as sending a Gmail application user to confirm the login as well as its own security software, Authenticator Google.
A necessary move for security
Google is not the only company that moved from SMS to 2FA. Last year, Evernote remove SMS from its serviceand the app for secure messages The signal removed it in 2022. X, apple And Microsoft We also transferred users out of SMS. Google signals transition from SMS As early as 2017.
Experts say the move is not unexpected and is probably necessary for Google.
“Google departs from SMS-based announcements is a smart security step-and although it may seem like any inconvenience, it is a necessary step towards stronger protection,” said Amy Ban, an internet security agent in McAfi, for CNET.
“Cyber-groups can kidnap phone numbers through a SIM exchange, intercept security codes, and even lock people out of their accounts,” Ban said. “That is why more companies, including Google, are moving to safer methods of login such as Passkeys and authentication applications.”
Rob Allen, the chief product officer at the security company DECARDLOCKER, said that SMS for two factors authentication, “is probably the least preferred 2FA (process). Although it is definitely better to have from No 2FA, it is certainly the least safe. “
Allen said using an application for an authenticator on a mobile phone is a much more safe way to use two factors authentication.
“It is good to see companies moving to a more secure environment,” he added.