Google is making a major change to its authentication process, replacing SMS verification codes with QR codes for Gmail logins.
This shift is part of the company’s broader efforts to enhance security and improve user experience, especially amid growing concerns over phishing attacks and SIM-swap fraud.
The update, as reported previously, marks a move away from traditional two-factor authentication (2FA) methods that rely on text messages.
Instead of receiving a one-time passcode via SMS, users attempting to log into Gmail on a new device will now be prompted to scan a QR code with an already signed-in device, such as a smartphone or tablet. This approach adds an extra layer of security by reducing reliance on SMS, which has been increasingly exploited by hackers.
Google’s decision to phase out SMS-based authentication is driven by the vulnerabilities associated with text message-based verification. Cybercriminals have found ways to intercept these codes through phishing schemes or SIM-swapping attacks, where they fraudulently transfer a victim’s phone number to another device to gain access to their accounts.
By switching to QR code-based authentication, Google aims to minimize these risks and provide a more secure, seamless login experience.
The QR code authentication method works similarly to how users link their WhatsApp or Telegram accounts to a desktop version.
When users attempt to sign in on a new device, they are shown a QR code on the login screen. Scanning this code with an authenticated device confirms the login request, eliminating the need for an SMS-based verification code.
For most users, this change is expected to streamline the authentication process. Since many people already use their smartphones for multi-factor authentication through apps like Google Authenticator or security keys, the transition to QR codes should be relatively smooth.
However, users who rely solely on SMS for 2FA may need to adapt to the new system by ensuring they have an alternative device ready for authentication.
Google has not specified an exact timeline for when SMS-based authentication will be fully deprecated, but the company is encouraging users to adopt QR code verification as soon as possible.
This move aligns with broader industry trends pushing toward more secure, phishing-resistant authentication methods, such as passkeys and biometric verification.
