Google to Replace SMS Authentication with QR Codes for Gmail Authentication

by
Alpa Somaiya
from Techreport on (#6VJMF)
google-to-replace-sms-authentication-with-qr-codes-for-gmail-authentication-1200x686.jpg

Key Takeaways

  • Google is replacing SMS-based two-factor authentication (2FA) for Gmail with QR code scanning to enhance security and convenience.
  • The shift is driven by the increasing exploitation of SMS authentication by hackers through phishing, spoofing, and mobile carrier manipulation.
  • QR codes offer a more secure alternative, as they're unique to each session, cannot be intercepted, and eliminate risks tied to SIM card theft or fraud.
google-to-replace-sms-authentication-with-qr-codes-for-gmail-authentication-1200x686.jpg

A Gmail spokesperson recently confirmed that Google will let go of the current SMS two-factor authentication process. It'll bring in QR code scanning as a verification step instead, making the process more secure and convenient.

Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication - Ross Richendrfer, head of security and privacy public relations at Google

Currently, when you log in to your Google account on a device, you receive a six-digit authentication code on your registered phone number that you need to manually enter to complete the login process.

This SMS-based two-factor authentication process is a widely used method by apps and platforms to ensure extra security. However, with the recent increase in the abuse of SMS verification systems, it's evident that hackers have found multiple ways to exploit this tactic. Through phishing, spoofing, and other methods.

One common instance of scammers tricking users into getting their verification code is by calling them disguised as representatives of banks or big companies. Then, they ask for the verification code as an OTP to move forward with a fraudulent online process that likely doesn't lead anywhere legitimate.

Another concern is that SMS authentication relies on mobile carriers, and it's possible to manipulate the carrier itself. This would involve generating fake requests and making money through the messages sent, or even worse, deflecting such important private messages to cybercriminals.

Read more: Google will use AI to determine whether you're really 18+

Why Are QR Codes a Better Alternative?

Scanning a QR code will in all likelihood get rid of the security concerns mentioned above. The update is supposed to be rolled out soon.

It's also worth noting that this update aligns with Google's long-term security strategy to reduce dependence on SMS-based 2FA and move towards a more seamless and convenient security system that doesn't put passwords at the forefront of security.

Unlike SMS codes, QR cannot be intercepted. They're unique, meaning every user gets a different QR every time they initiate a session. Simply put, QR codes cannot be imitated that easily, either. Users will be required to scan the QR code displayed on the screen with their device's camera to authenticate the login.

This mechanism solves one more major issue with SMS-style verification. Stealing or losing the SIM card. Such an unfortunate incident so far meant losing access to your Google account, putting the account at the risk of being used by the person who has stolen the SIM. Not anymore, says Google.

QR codes make sure you're not dependent on your SIM, a small chip, for your digital privacy. It essentially puts the power back in your hands, as bad actors will now need physical access to your device to execute anything malicious.

In addition to Google, WhatsApp Web is one of the famous platforms known for using QR codes for logins.

The post Google to Replace SMS Authentication with QR Codes for Gmail Authentication appeared first on Techreport.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments