Google is now planning to phase out the use of SMS authentication for Gmail, and the company is looking towards using other methods that are far safer and more convenient than text messages.
Various methods were already introduced by Google to bolster their two-factor authentication (2FA) tools, with the likes of QR codes and passkeys helping improve the experience for users looking for a more secure verification method.
Gmail SMS Authentication Is Shutting Down as It's 'Unsafe'
A recent report from Forbes (via CNET) claimed that Google is now on a mission to remove the SMS method as a way to authenticate Gmail logins across its user base. It was later confirmed by Google's head of security and privacy public relations, Ross Richendrfer, that the company plans to move away from relying on SMS authentication.
Richendrfer related this move from SMS to be similar to its goal to be password-less, with the company known for being one of the earliest ones to adopt passkeys when it was introduced.
The move will happen over the next few months, according to the Google executive, with the company also "reimagining" how they verify phone numbers, which will ultimately lead to Gmail and other services no longer texting users six-digit codes.
Gmail 2FA Tools: QR Codes, Passkeys to Replace SMS
The alternatives that Google has in mind include the use of QR codes, which will help the user verify their logins to Gmail and other Google platforms. There is also the passkey, which will allow users to use their biometrics to authenticate a login.
One of the main reasons why Google is making a switch is because of the rising cases of SMS spam and illicit activities, a manifestation that bad actors have taken advantage of text messages.
Google's Authentication Methods For Accounts
SMS verification was once the pinnacle of two-factor authentication, but that did not last long as it exposed users to significant problems where their phone numbers are shared with third parties that are spamming them with messages.
Because of this, Google developed the Authenticator app, which gives users the 2FA codes they need without receiving them via SMS, but it was criticized for not being end-to-end encrypted (E2EE).
Moreover, Google has been one of the earliest to adopt the passkey method of authentication, with the company wanting to eliminate the need for a username-password login and the need to authenticate it every time.
Through passkeys, users only need to log in for one last time and use their biometric scans to authenticate further access, making it the default for all sign-ins.
From two-factor authentication to password-less logins, Google has made it so that users get different methods of secure ways to access their accounts across its platforms, especially for those that include sensitive information.
As spam and threats seems to be rampant on SMS, Google no longer thinks that it is fit to authenticate Gmail logins, with the company resorting to new tools for future sign-in needs.
