Google is preparing to phase out SMS-based two-factor authentication (2FA) for Gmail, as reported by Forbes. For years, users have relied on receiving one-time passcodes via text messages to verify their identity during login attempts. However, this method comes with inherent security vulnerabilities that Google now seeks to mitigate.
Ross Richendrfer, a Gmail spokesperson, explained to Forbes that the decision aims to combat the widespread abuse of SMS verification systems worldwide. To address this issue, Google plans to replace SMS-based authentication with QR codes. Instead of entering a phone number and receiving a verification code via text, users will be prompted to scan a QR code with their smartphone to complete the authentication process. While this still depends on mobile devices, it eliminates the security weaknesses associated with SMS.
Although using text-based two-factor authentication is better than relying solely on passwords, it remains one of the less secure verification methods. Cybercriminals can exploit SMS vulnerabilities by deceiving mobile carriers into transferring a victim’s phone number to a device under their control, an attack known as SIM swapping. Additionally, hackers can manipulate mobile networks using a technique called traffic pumping, where they trick service providers into sending multiple authentication messages to numbers they control, profiting from each text sent.
Given the enormous volume of SMS messages Google processes daily, both for account verification and for preventing spam bots from mass-creating fake accounts, the company recognizes the need for a more robust alternative.
Ultimately, Google’s long-term objective is to eliminate traditional passwords entirely in favor of passkeys, a more secure and seamless authentication method. However, widespread adoption remains gradual, prompting the company to improve existing security measures in the meantime. By shifting away from SMS authentication, Google aims to enhance user security and data protection while paving the way for a password-free future.