February 25, 2025 – Google is reportedly set to phase out SMS-based authentication codes for Gmail, replacing them with QR code verification later this year. According to Forbes, which cited “privileged conversations with Google insiders,” the company plans to move away from text-based security measures in favor of a more secure authentication method.
Ross Richendrfer, Google’s head of security and privacy public relations, confirmed the change in a statement to CNET. He explained that the company is rethinking how it verifies phone numbers and will introduce QR code scanning as a more secure alternative. This method would eliminate the need for users to enter a code manually after their password, reducing the risk of interception by cybercriminals.
Eliminating Weak Links in Security
Google’s shift comes amid rising concerns over SMS-based vulnerabilities. Scammers have increasingly exploited network operators as weak points in security, using tactics such as SIM-swapping and “traffic pumping.” In SIM-swapping attacks, fraudsters hijack a victim’s phone number to bypass SMS-based security. Traffic pumping, on the other hand, involves scammers flooding service providers with SMS messages to numbers under their control, earning money when messages are successfully delivered.
By switching to QR-based authentication, Google aims to eliminate these attack vectors and enhance user security.
Google is not the first major company to abandon SMS authentication in favor of more secure alternatives. Over the past few years, X (formerly Twitter), Signal, Apple, and Microsoft have all transitioned to authentication methods like passkeys and app-generated one-time codes. These alternatives offer stronger protection against phishing, SIM-swapping, and other cyber threats.
With the growing adoption of passkeys and phishing-resistant authentication, Google’s move signals a broader industry shift toward eliminating outdated security practices. Users can expect further details from the company as the transition nears implementation.
