Gmail 2FA is phasing out SMS for QR codes, a good piece of news for 2.5 billion active Gmail users

Google is making a major change to how nearly 2 billion Gmail users log into their accounts.

Over the next few months, as first exclusively reported by Forbes, the Mountain View tech giant will phase out six-digit SMS verification codes and replace them with QR codes that are accessible via your phone’s camera.

This move is posed to tighten Google’s security belt and reduce the risk of phishing attacks, where scammers trick people into revealing their login codes.

“Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication,” Google’s spokesperson Ross Richendrfer told the publication.

“SMS codes are a source of heightened risk for users,” Richendrfer said further, noting that the shift to QR codes will help “shrink the surface area for attackers and keep users safer from malicious activity.”

For years, SMS verification has been a key part of Google’s two-step authentication process. But as cyber threats evolve, SMS codes have become less reliable. Hackers can intercept them, and users sometimes don’t have access to the phone number linked to their account.

Earlier this year, The Guardian reported that flaws in the SS7 protocol, a 40-year-old technology, have allowed hackers to intercept SMS messages including 2FA codes to access accounts like Gmail.

In one case, bank customers in Germany were targeted in 2017 using this method. The issue persists due to SS7’s widespread use and telecom companies’ reluctance to address its weaknesses, despite warnings from security experts.