Latest Top Posts

a-simple-twist-convinced-me-the-pixel-buds-pro-2-are-better-than-i-ever-thought

A Simple Twist Convinced Me The Pixel Buds Pro 2 Are Better Than I Ever Thought

i-never-click-any-link-on-my-android-phone-without-using-this-app-first

I Never Click Any Link On My Android Phone Without Using This App First

you-can-soon-shop-for-pixel-devices-at-google’s-new-santa-monica-store

You Can Soon Shop For Pixel Devices At Google’s New Santa Monica Store

take-a-closer-look-at-oppo-find-n5-via-10-official-videos

Take A Closer Look At OPPO Find N5 Via 10 Official Videos

samsung’s-tri-fold-phone-could-take-longer-than-expected-to-arrive

Samsung’s Tri-Fold Phone Could Take Longer Than Expected To Arrive

Google Shares Details On Its Plan To Ditch SMS Codes, And Here’s How It’ll Work

Gmail Google News Add Comment 3 Min Read
google-shares-details-on-its-plan-to-ditch-sms-codes,-and-here’s-how-it’ll-work
Google Shares Details On Its Plan To Ditch SMS Codes, And Here’s How It’ll Work
Gmail for iOS defaulting to All Inboxes folder

C. Scott Brown / Android Authority

TL;DR

  • Google will soon phase out SMS-based two-factor authentication in favor of QR codes.
  • The company will use various techniques, including attempting to verify the user’s number directly with their carrier using the user’s mobile device. In some cases, users will have to send an SMS to Google instead of Google sending an SMS code to them.
  • Users will have fallback authentication mechanisms available, but they’ll still need a phone.

RCS has replaced SMS for most communication needs, but SMS continues to remain useful for some use cases, like two-factor authentication. Not for long, though, as companies like Google have already announced plans to phase it out in favor of QR codes. We now have more details from Google on its impending swap from SMS to QR codes.

Google spokesperson Ross Richendrfer reiterated that SMS is mainly used as a security and anti-abuse check, but there are plenty of security challenges, like phishing and traffic pumping. Consequently, Google plans to reimagine how it verifies phone numbers over the next few months. Instead of entering their phone numbers and receiving a six-digit code over SMS, users will see a QR code they need to scan with their phone camera.

Google tells us that the user’s mobile device will attempt to verify their number directly with their carrier. The company will use various techniques for this, depending on the options supported by the carrier. In certain cases, this could result in an SMS message sent from the user’s phone to a Google number. This will be different from Google sending an SMS code to the user, which is easier to phish by social engineering.

See also  Review: The Galaxy S25+ Is The Same, But The Vibes Are Much Different

But will fallback authentication methods be available if the user cannot access a mobile phone? Google answers no. Since access to a phone is needed to receive SMS messages even now, the requirement for having a mobile device won’t change.

What if the user is authenticating Gmail on a new mobile device? Google says that as long as the user is using the same mobile number on the new device, they will be able to authenticate. If not, they will have to fall back to other mechanisms.

We’ll have to wait for the QR code rollout to assess how these mechanisms help protect users from SMS-related security concerns. We’ll keep you updated when we learn more.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it’s your choice.

Tags: