Google is planning to end support for SMS-based two-factor authentication in Gmail, Forbes reports. Sending a code to your personal phone via text message has long been an option Google offered to verify your identity, but it has unavoidable security issues the company wants to address.
The goal is to "reduce the impact of rampant, global SMS abuse," Gmail spokesperson Ross Richendrfer tells Forbes, and the solution, at least for now, is QR codes. Instead of entering your number and receiving a text with a code you need to enter, Google will throw up a QR code you need to scan with your phone. The reliance on your smartphone is still present, but now you don't have to rely on the lax security of SMS messages.
Using SMS two-factor authentication is better than nothing, but text messages aren't as secure as other methods. Criminals can intercept your message just by convincing your carrier to port your number to a new phone. By tricking a provider to send multiple SMS messages to a number a criminal operation controls in a process called "traffic pumping," they can even make money on each text, Google says. Considering the volume of SMS messages the company sends to both verify users and make sure people aren't bulk-creating accounts to send spam, it's not hard to see how SMS could be problem.
Ultimately, the goal for Google and other companies like it is to use passkeys and move away from passwords entirely, but adoption is slow, and making the current, much more familiar process secure is still meaningful.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/gmail-will-stop-using-sms-for-two-factor-authentication-185615193.html?src=rss https://www.engadget.com/cybersecurity/gmail-will-stop-using-sms-for-two-factor-authentication-185615193.html?src=rssInicia sesión para agregar comentarios
