You will soon see a big change in the way your Gmail account is secure and your two -factors authenticated connections are processed. Google said it was planning to stop sending 2FA codes by SMS to check Gmail accounts in favor of safety tools such as Passkeys and QR codes that you scan with your device.
Google says that SMS messaging for 2FA has become more and more problematic, because reported earlier by ForbesAs crooks and fraudsters use technology to usurp user accounts.
Ross Richendrfer, head of public security and confidentiality relations at Google, confirmed it to Cnet. He said Google “reinvents” how the company checks the phone numbers. Gmail and other Google services will send six -digit codes to SMS to sending a QR code that a user can check.
“Just as we want to go beyond passwords with the use of things like Passkeys, we want to move away from sending SMS messages for authentication,” said Richendrfer.
The objective would be to eliminate user cases sharing their SMS code with a crook who deceived them and eliminate telephone operators as a possible violation point. Some crooks, known as Google, use SMS messages for a scam called “traffic pumping” which allows them to be paid for SMS messages.
Richendrfer says that the use of QR codes will reduce the risks of phishing, will reduce global SMS abuses and make users less dependent on their telephone operators.
“SMS codes are an increased risk source for users-we are happy to introduce a new innovative approach to reduce the surface of attackers and keep users more safe from malware,” he said.
Gmail also uses other 2FA methods such as sending a user to the Gmail application to check a connection as well as their own security software, Google Authenticator.
A decision necessary for security
Google is not the only company to move away from SMS for 2FA. Last year, Evernote has deleted SMS from its serviceAnd the secure messaging application signal deleted it in 2022. X, apple And Microsoft have also transformed SMS users. Google reported a transition far from SMS Since 2017.
Experts say that this decision is not unexpected and probably necessary for Google.
“Google moving away from SMS -based connections is an intelligent safety step – and even if it may seem a drawback at first, this is a necessary step towards stronger protection, said Amy Bunn, an online security defender at McAfee, told CNET.
“Cybercrooks can divert phone numbers via the exchange of simbuels, intercept the security codes and even lock people from their accounts,” said Bunn. “This is why more companies, including Google, move to safer connection methods like Passkeys and authentication applications.”
Rob Allen, Director of Products of the Security Company, ThreatLocker said that SMS for two -factor authentication, “is probably the least favorite 2FA (process). Although it is certainly preferable to have the 2FA, it is certainly the least secure.”
Allen has said that using an Authenticator application on a mobile phone is a much safer way to use two -factor authentication.
“It is good to see companies travel to a more secure environment,” he added.
