Stronger Security: Google Replaces SMS 2FA with QR Code Authentication
Google is replacing SMS-based 2FA for Gmail with QR code verification to enhance security and prevent phishing and SIM-swapping attacks.

According to a Forbes story, Google plans to gradually phase out SMS-based two-factor authentication (2FA) for Gmail users in favor of a QR code verification method. The change is intended to improve security and shield consumers from phishing scams and SIM-swapping fraud, in which hackers use phone numbers they have stolen to obtain verification codes.
Currently, after entering their passwords, Gmail users receive an SMS with a six-digit authentication code. Despite being widely used since its launch in 2011, this approach is now more vulnerable to cyberattacks. Scammers can intercept verification messages by using SIM-swapping attacks to move a victim's phone number to a different SIM card. Furthermore, phishing attacks deceive users into disclosing their one-time SMS codes, which compromises the security of this authentication method.
Users will soon be able to confirm their identity by using the camera on their smartphone to scan a QR code rather than entering an SMS code. Although a formal rollout date has not been published by Google, the change is anticipated to occur in the upcoming months.
More secure authentication methods are already available from Google, such as:
- Google Prompts: a pop-up message that lets the user allow or reject login attempts.
- Security Keys: YubiKey and other hardware-based authentication tools.
- Authenticator Apps: Google Authenticator and Authy both offer time-based one-time passwords (TOTP).
Whether phone call-based authentication will likewise be phased out is still unknown.
Information referenced in this article is from Business Today.