Nobody really loves SMS these days; itโs being phased out in favor of RCS. And now the tech industry is shifting away from SMS for authentication as well. For what itโs worth, SMS can be pretty insecure, which is one of the many reasons why Gmail is looking to switch to QR codes, according to a spokesperson who spilled the beans on whatโs coming next.
Gmail will soon opt for QR code authentication, ditching SMS codes
Instead of sending a six-digit SMS code, Gmail will let users scan a QR code with their camera. This will help reduce the risk of phishing, as there wonโt be a code to steal or share with attackers.
โJust like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication,โ Gmail spokesperson Ross Richendrfe told Forbes.
While using SMS codes for two-factor authentication is definitely better than not using any, theyโre still vulnerable to phishing attacks. As a tech journalist who reads news all day long, I can tell you that some apps (with the right permissions) can access your SMS messages. There have been several reports of apps that can even read your OTP codes. So, if Gmail switches to QR codes instead of SMS, it would be a step in the right direction.
โIf a fraudster can easily trick a carrier into getting hold of someoneโs phone number, any security value of SMS goes away,โ Richendrfer added.
SMS also depends on your phone carrierโs security, so if someone steals your phone number, SMS codes offer little protection. Google hasnโt shared full details about how QR code authentication will work. So for now, all that we know is that Google is working on this change. The exact timeline for when SMS verification will be phased out remains unclear, too.
