Google to drop SMS authentication for Gmail logins, will replace it with this

Gmail logins are about to get more secure thanks to a new move by Google.

Citing insider sources, including a lead security spokesperson for the company, Davey Winder of Forbes claims that Google will soon nix SMS authentication for Gmail logins. Instead, the search giant will opt for QR codes to verify logins to its free email service. 

In a "privileged conversation with Google insiders," Winder learned that Gmail will soon use QR codes for login validation in an effort to prevent bad actors from abusing the aging SMS system. SMS is a notoriously insecure system for communication; hackers and other malicious parties have been able to spoof phones, phish for numbers, and obtain messages sent via SMS (including verification codes) for many years.

Ross Richendrfer, Google Workspace's Head of Security and Privacy PR, said that the move to QR code validation will "reduce the phishing risk of Gmail users" and eliminate the security measures (or lack thereof) of users' phone plan providers. Instead of receiving a 6-digit code in a simple text message, users would need to scan a QR code generated when they log into their Gmail account on a new device. As such, this would remove many of the avenues through which a malicious party could intercept a login code.

There's little other information regarding the move to QR codes. Notably absent is any hint of the timeframe for the new practice, though Richendrfer told Winder to "look for more from us in the near future." In lieu of the rumored QR codes, users can always opt for more secure methods such as passkeys or physical two-factor authentication devices (like the Yubikey 5C NFC USB-C key, available on Amazon for $55).