Google is making a big change in the way you log into your Gmail accounts and phasing our SMS-based 2-factor authentication system in favor of a more secure QR code-based authentication.
Ross Richendrfer, Google’s Head of Security PR, confirmed the move, stating that it aims to strengthen account security while reducing reliance on vulnerable SMS codes.
This move is in line with the industry trend of moving away from traditional SMS-based authentication systems, which are susceptible to phishing attacks and other security vulnerabilities.
Security risk of SMS-based authentication systems
Some of the risks associated with SMS-based authentication include
- Phishing Scams – Attackers trick users into revealing their SMS codes.
- SIM Swapping – Fraudsters clone SIM cards to hijack accounts.
- Traffic Pumping Scams – Hackers exploit online services to flood phone numbers they control with a huge number of SMS, generating illicit revenue through access fees and intercarrier compensation.
- Carrier Vulnerabilities – SMS messages can be intercepted or delayed, creating security loopholes.
Why QR Codes?
Google’s move to QR code-based authentication is driven by several key advantages over SMS-based verification:
- More Secure – Unlike SMS codes, QR codes are significantly harder for hackers to intercept. They eliminate the risk of phishing attacks since users don’t have to share security codes that attackers could exploit.
- No Carrier Dependency – QR-based authentication removes reliance on mobile carriers, reducing risks associated with SIM swapping, network-based attacks, and SMS interception.
- Faster Verification – Scanning a QR code provides instant authentication, eliminating delays from SMS delivery issues and enhancing the user experience.
While Google hasn’t officially announced a date for the shift, the new authentication system is expected to be live by the second half of 2025.
What do you think about this move? Have you had any experience with QR based authentication system?