Google Ditching SMS 2FA for Gmail: A Security Upgrade
Google plans to end support for SMS-based two-factor authentication (2FA) in Gmail, citing security concerns. This move aims to combat widespread SMS abuse, a problem impacting both users and Google's systems. The current method of receiving a verification code via text message is vulnerable to interception and manipulation by criminals, including "traffic pumping" schemes where malicious actors profit from redirecting SMS messages.
Instead of SMS, Google is transitioning to QR code-based authentication. Users will scan a QR code generated by Gmail with their smartphone's camera to verify their identity. While still reliant on smartphones, this approach mitigates the security risks associated with SMS. Although QR codes offer improved security, Google's ultimate goal is wider adoption of passkeys as a passwordless authentication method.
While SMS 2FA offers some security, it's less secure than alternatives like authenticator apps or security keys. The shift reflects a broader industry trend towards stronger authentication methods to protect user accounts from increasingly sophisticated attacks. The change is expected to improve the security posture of Gmail accounts and protect users from SMS-based attacks.
Source: Engadget