Summary Google plans to replace SMS verification with QR codes due to phishing risks and security vulnerabilities exploited by scammers.

QR codes will eliminate the need to enter security codes when accessing a Gmail account.

Google has not provided a specific timeline for when this new verification system will be implemented.

While the SMS based authentication that Gmail uses to verify your identity during login is (usually) a reliable way for Google to confirm that the correct user is signing into Gmail, this method has some significant flaws. Because of that, the company is now planning to move away from SMS authentication and instead use QR codes.

Why Google plans to stop identity verification via SMS

In an interview with Forbes, Google spokesperson Ross Richendrfer stated that phishing is one of the main reasons the company plans to replace SMS code authentication with QR codes. Scammers can easily intercept SMS messages by embedding a link to a fake website within the message, along with instructions telling the user to enter the verification code on the fraudulent site to complete their Gmail login.

Fraudsters can also compromise mobile carriers’ security and gain access to the security code sent via SMS. Ending SMS verification will also help Google combat traffic-pumping scams, in which scammers exploit how SMS messages are billed by tricking service providers—Google, in this case—into sending multiple verification messages to specific phone numbers. Each time an SMS is sent to these numbers, the scammer receives a portion of the carrier’s payment. This scam was also one of the main reasons X recently disabled SMS-based two-factor authentication. Another major reason Google is considering switching to QR code authentication is that users may not have access to their registered phone numbers when they want to log in to Gmail.

How will QR codes be better than SMS messages?

While Richendrfer did not provide a specific timeframe for when QR codes will become the primary authentication method for Gmail, he did highlight several advantages of this approach over the current system. According to him, when users need to log into their accounts, they will scan a QR code instead of entering a verification code sent to their registered phone number. Since this process eliminates the use of security codes, it reduces the risk of phishing attacks. Additionally, using QR codes will completely remove traffic pumping fraud from the equation.

Until Google implements the QR code method, you can use 2FA apps instead of SMS verification. Using these apps ensures that you don’t have to worry about phishing attacks or traffic-pumping fraud. Furthermore, SMS messages can sometimes be delayed due to issues with your carrier. However, with two-factor authentication apps, you won’t have to worry about that, as you’ll always have access to your authentication codes.