Google Is Using QR Codes Instead Of SMS For Gmail Authentication

Soon, there will be significant changes to the way your two-factor authenticated logins and Gmail account security are managed. Google has announced that it will no longer use text messages with 2FA codes to validate Gmail accounts. Instead, security measures like passkeys and QR codes that you can scan with your device will be used.

As previously reported by Forbes, Google says that SMS messaging for 2FA has grown more difficult as scammers and fraudsters exploit the technology to spoof user accounts.

This was confirmed to CNET by Ross Richendrfer, Google’s head of security and privacy public affairs. Google will be “reimagining” how it checks phone numbers, he said. Rather than sending six-digit codes via SMS, Gmail and other Google services will deliver a user-verifiable QR code.

“Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication,” Richendrfer said.

The objectives are to eliminate phone carriers as a potential point of breach and to stop cases of customers sharing their SMS code with a scammer who has deceived them. According to Google, some con artists also use SMS messages for a fraud known as “traffic pumping,” which enables them to receive payment for sending SMS messages.

According to Richendrfer, employing QR codes will lessen the likelihood of phishing attempts, curb worldwide SMS misuse, and minimize consumers’ dependence on their phone providers.

“SMS codes are a source for heightened risk for users – we’re pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity,” he said.

In addition to its own security app, Google Authenticator, Gmail also employs various other 2FA techniques, such as directing users to the Gmail app to confirm their login.

An Essential Security Measure

Google is not the only business that has abandoned SMS for two-factor authentication. Evernote dropped SMS last year, and Signal, a secure messaging app, did the same in 2022. Microsoft, Apple, and X have also moved their users away from SMS. As early as 2017, Google began to indicate that it was moving away from SMS.

According to experts, the move is likely necessary for Google and is not surprising.

Amy Bunn, an online safety advocate at McAfee, told CNET that Google’s decision to abandon SMS-based logins is a wise security move. Although it may initially seem like a hassle, it’s a necessary step toward stronger protection.

“Cybercrooks can hijack phone numbers through SIM-swapping, intercept security codes, and even lock people out of their accounts,” Bunn said. “That’s why more companies, including Google, are shifting to safer login methods like passkeys and authentication apps.”

Two-factor authentication via SMS “is probably the least-preferred 2FA (process),” according to Rob Allen, chief product officer of the security firm ThreatLocker. Although having 2FA is unquestionably preferable to not having it, SMS is also the least secure method.

Two-factor authentication is substantially more secure when done through a mobile authenticator app, according to Allen.

“It’s good to see companies moving toward a more secure environment,” he stated.

Komal Patil: