Google is shaking up its two-factor authentication system in Gmail.
In an exchange with Forbes, a Google spokesperson confirmed that the company is working on ditching SMS text messages as a form of account authentication in Gmail. For years, this has been one of the main ways to gain access to a Gmail account; you just enter your phone number, and then enter the six-digit code Google sends as a text message.
But, as Google puts it, the company will work to replace those with QR codes “over the next few months.”
Google’s stated reasons for doing this are understandable. SMS authentication is subject to phishing scams, and receiving a text message necessarily puts the end user’s service carrier in the mix as a middleman. Carriers all have different security practices, and more importantly, are fallible. In other words, there are clear and obvious security risks to having users input codes received as text messages for account authentication, and QR codes would eliminate some of those risks.
There’s no firm date for when this change will happen, but look out for it as we roll through 2025.
