Google is about to overhaul the login procedure for nearly 2 billion Gmail users as part of a major security update to its email service.
The current method of sending an SMS text message to verify a user’s identity will be phased out “over the next few months”, with a new QR code system replacing it.
The switch is aimed at reducing the impact of “rampant, global SMS abuse”, a spokesperson told Forbes. The Independent has reached out to Google for confirmation.
“Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication,” Ross Richendrfer, who works on security and privacy issues at Google, told Forbes.
“Over the next few months, we will be reimagining how we verify phone numbers. Specifically, instead of entering your number and receiving a six-digit code, you’ll see a QR code being displayed, which you need to scan with the camera app on your phone.”
Two-step verification has become mandatory for the roughly 1.8 billion Gmail users around the world, with SMS text messages used to confirm that a user is the person they claim to be.
While it is much safer than a password by itself, fraudsters have still managed to discover ways to bypass this security feature.
One method is through phishing attacks, where cyber criminals trick people into sharing the security codes by posing as someone from Google or their phone carrier.
Google said there has also been issues with users not having access to the device that the SMS verification code is sent to.
“SMS codes are a source of heightened risk for users,” Mr Richendrfer said.
“We’re pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity.”