Google Is Finally Dropping SMS Authentication for Gmail
February 25, 2025
Google plans to drop SMS messages as a two-factor authentication method for Gmail due to its insecure nature, marking the beginning of the end for this type of authentication.
Two-factor authentication has become a critical feature for all online services and the kind of functionality that any company should provide. Numerous 2FA methods are available, some better than others, but SMS 2FA is considered the weakest of them all, which is also why Google is moving away from it.
Of course, if SMS-based two-factor authentication is the only one available, it’s still better than using nothing at all.
SMS is not safe for authentication
According to Forbes, Google is well aware that SMS messages are abused on a global scale and that their services rely heavily on them at the same time. Unfortunately, criminals have multiple ways of getting their hands on 2FA security codes sent via SMS, such as SIM-swapping attacks for example.
Attackers can sometimes persuade mobile carriers to transfer the phone number to another device, essentially giving control over that number to a criminal. That also means that he’ll gain control of SMS messages sent as 2FA.
If we factor in that Gmail accounts are also used by multiple online services as a 2FA authentication method, it’s easy to see why Google would make significant changes.
A user losing access to the Gmail account can give a criminal access to many other online services. And everything started with an SMS message.
QR codes to replace SMS
The Forbes report also revealed that Google intends to replace SMS messages with QR codes. Users will have to scan the QR code with their phones, which also has a welcome side effect.
In some situations, fraudsters try to convince people, on a phone call or via messages, to give them the code the victims got via SMS. If Gmail asks for a QR code, it’s more difficult for a potential victim to send that to an attacker.
The timeline for these security modifications is not yet clear, but it’s expected to arrive in the next few months, likely in waves.
How to keep your Gmail safe
- Never give SMS two-factor authentication codes to anyone. There is no reason to share them, not even if the person asking for them seems to have a legitimate reason.
- Replace SMS-based 2FA with passkeys or authenticator codes (multiple apps are available).
- Use Bitdefender's security solutions on your devices that can detect all types of attacks.
tags
Author
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
View all postsRight now Top posts
Streamjacking Scams On YouTube Leverage CS2 Pro Player Championships to Defraud Gamers
February 20, 2025
How to Identify and Protect Yourself from Gaming Laptop Scams
February 11, 2025
Your Device ‘Fingerprint’ Will Go to Advertisers Starting February 2025
December 24, 2024
Beware of Scam Emails Seeking Donations for UNICEF or Other Humanitarian Groups
December 19, 2024
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
