Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Android Central
Android Central
Technology
Nickolas Diaz

Google says it wants you to sign into Gmail with QR codes, not SMS

Gmail in light mode on Pixel 6 Pro.

What you need to know

  • Google confirmed today (Feb 24) that it will soon fade out its SMS code sign-in method for Gmail in favor of QR codes.
  • The company says QR codes will offer a little more robust security as SMS codes are more prone to "phishing."
  • Google reiterated the same sentiment during its first introduction of passkeys for personal accounts.

Today (Feb 24), Google states it is moving to remove SMS security codes for Gmail in replace of something a little stronger.

A statement via a Gmail spokesperson to Forbes reads, "...we want to move away from sending SMS messages for authentication." As a result, Google is now interested in displaying a QR code for users attempting to securely sign in to their Gmail accounts. Spokesperson Ross Richendrfer informed the publication that this will begin "over the next few months."

QR code sign-in will be a part of Google's new vision for "verifying phone numbers." While users will need to scan the code with their phone's camera, the company states this new security method will assist users in two ways.

First, Google says a QR code will help reduce the risk of phishing as users won't be "tricked into sharing their security codes with a threat actor." The company adds QR codes will also reduce the "reliance" users have on their "phone carrier for anti-abuse protections."

This second point was highlighted by Richendrfer and Google's Kimberly Samra, who state SMS with a security code isn't all that safe. They add that, with SMS codes, users run the risk of a malicious person gaining a hold of their phone number. If that's done, all "security value of SMS goes away." Google says SMS codes are at the "heart" of many criminal operations around the world, forcing this issue (in its eyes) even more.

Aside from "over the next few months," Google didn't tell Forbes when users can see this change rollout. However, there will likely be more obvious statements/announcements from Google when it happens. The company teased more will happen "in the near future."

(Image credit: Nick Sutrich / Android Central)

Google's been kicking its security strength up a notch ever since it made passkeys the default option for personal accounts. The company touted passkeys were 40% faster than passwords and were developed by the FIDO Alliance. More importantly, passkeys rely solely on your device's various authentication methods like fingerprint, face ID, or PIN. Like what it's trying to do with the SMS, QR code swap, Google says passkeys can't be phished or stolen.

In short, your credentials won't be stolen over an internet connection.

Google rolled out a few more enhanced security features for users a few months before passkeys, involving a Dark Web report. The feature arrived for Gmail and let users lean on it to see if their email addresses had been leaked/exposed on the dark web.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.