Tech giant Google is set to introduce a major security upgrade for Gmail, replacing SMS-based authentication with QR code verification, aiming to boost account security and reduce risks associated with SMS authentication, which has become increasingly vulnerable to cyber threats.

Why is Google Replacing SMS Authentication?

Previously, Gmail users received two-factor authentication (2FA) codes via text message to verify their accounts. Since its introduction in 2011, the system has been widely used to protect user data. However, SMS-based authentication has become a major security risk, as cybercriminals have found ways to exploit it through scams, phishing, and SIM swapping.

Ross Richendrfer, Google's Head of Security and Privacy Public Relations, confirmed the report to CNET, stating, "Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication."

"SMS codes are a source for heightened risk for users - we're pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity," he added.

The report was first published by Forbes.

Security Risks Of SMS-Based Authentication

Google aims to eliminate the risks associated with SMS-based verification, including

Phishing Scams - Attackers trick users into sharing their SMS codes.

SIM Swapping - Fraudsters clone SIM cards to gain access to accounts.

Traffic Pumping Scams - Hackers abuse online service providers to generate a huge amount of SMS messages to phone numbers they control. This fraudulent activity lets them generate revenue through access charges and intercarrier compensation.

Carrier Vulnerabilities - SMS messages can be intercepted or delayed, creating security loopholes.

By moving away from SMS authentication, Google hopes to improve security, prevent fraud, and reduce reliance on mobile carriers for account verification.

Are QR Codes Safer Than SMS Codes?

A QR code is a type of barcode that can be scanned using a smartphone camera. It stores information as a series of pixels in a square grid.

More Secure - Harder for hackers to intercept compared to SMS. This will also resist phishing activities as there will be no need to share security code with an attacker.

No Carrier Dependency - Eliminates risks from SIM swapping and network attacks.

Faster Verification - Reduces wait times and enhances user experience.

With this update, Google aims to improve security, reduce phishing attacks, and provide a safer way to verify Gmail accounts.

Although Google has not announced an official rollout date, the switch to QR-based authentication is expected in the coming months. Google is not the first company to move away from SMS-based 2FA. Over the past few years, major tech firms have adopted more secure authentication methods, including Apple, Microsoft, X/Twitter, and Signal.

As cyber threats continue to evolve, Google's move to QR-based authentication marks a significant step towards a password-free future. While many users may need time to adapt, the new system is expected to provide stronger security and greater protection for Gmail accounts.