In 2019, Google began shifting away from SMS-based two-factor authentication (2FA) to enhance security, aiming to eliminate reliance on text messages. A Forbes article from February 2025 reveals plans to replace SMS with a QR code system for user authentication. This change addresses vulnerabilities of SMS, such as SIM swapping, while promoting safer practices. The transition is expected to be user-friendly, given the public’s familiarity with QR codes, and will be implemented in the coming months.
Introduction to Enhanced Security Measures
Emerging in 2019, a significant shift in two-factor authentication (2FA) security was initiated by Google. The tech giant started moving away from the traditional method of sending temporary codes via SMS, opting instead for a more secure system that utilizes smartphone notifications. The primary goal was clear: eliminate the reliance on text messages for authentication.
Future Changes to Authentication Methods
Fast forward nearly six years, and it appears that the transition has not progressed as swiftly as Google envisioned. However, according to a Forbes article dated February 26, 2025, a promising update is on the horizon. Google is set to replace SMS with a QR code system that users will scan with their smartphones for authentication purposes.
A spokesperson from Google stated, “In the same way that we want to move away from passwords in favor of tools like passkeys, we want to abandon sending SMS for authentication.” This change is expected to significantly impact Gmail users, which includes millions around the globe.
Two-factor authentication, also referred to as two-step verification or strong authentication, enhances security by requiring not only a username and password but also a temporary code. This code can be received via SMS or generated through a dedicated app, providing an extra layer of protection for user accounts.
Addressing Vulnerabilities of SMS Authentication
While this secondary security measure is advantageous in minimizing the risks associated with compromised passwords, SMS-based 2FA does have its vulnerabilities. SMS messages are not entirely secure and can be intercepted, leaving them open to specific attacks, such as SIM swapping.
SIM swapping occurs when a malicious individual takes control of a victim’s phone number by swapping the SIM card to another device. This allows the attacker to receive the 2FA SMS, compromising the security of the account associated with that phone number.
Although having SMS-based 2FA is better than using only a username and password, the sensitive nature of webmail—where password reset requests are often sent—calls for a more robust security solution. Transitioning to QR codes eliminates the risks associated with SMS while also reducing the chances of falling victim to phishing attacks. Users will no longer “receive” codes that could be inadvertently shared if they are tricked by a scam.
As QR code usage has become increasingly widespread, particularly during the COVID-19 pandemic, the public’s familiarity with scanning these codes suggests that adapting to this new method may be seamless. However, this transition will take time, as Google indicated that the new verification process will be implemented “in the coming months,” ensuring that users will receive detailed communication about the changes ahead.