Gmail to Replace SMS Authentication With QR Codes for Two-Factor Authentication

Google is finally dropping support for SMS-based login codes, which is widely considered an insecure form of two-factor authentication.

Written by David Delima | Updated: 25 February 2025 14:16 IST

Gmail to Replace SMS Authentication With QR Codes for Two-Factor Authentication

Photo Credit: Unsplash/ Solen Feyissa

Google will drop support for SMS authentication codes in the coming months

Highlights

Gmail is discontinuing support for SMS-based 2FA codes
The company first introduced support for SMS authentication in 2011
Google says it will eventually display a QR code when users try to log in

Google will drop support for SMS-based two-factor authentication (2FA) for Gmail, according to a report. The company will reportedly introduce support for quick response (QR) codes to replace SMS codes that are currently sent to Gmail users. The move is expected to increase the security of Google accounts, as malicious users can trick users into sharing their login codes received over SMS, bypassing the security offered by the 2FA system that is old, but still supported on several platforms.

Gmail to Drop SMS Authentication Codes to Combat SMS Abuse

According to a Forbes report, Google will roll out QR codes as a replacement for its SMS authentication codes in the coming months. The company currently sends users a six-digit code via SMS, which must be entered after providing the correct password when logging into a Google account. It was the first form of 2FA introduced by the search giant in 2011, and more secure options have been introduced in subsequent years.

Once the company phases out support for SMS-based 2FA codes, Gmail users will be presented with a QR code, which must be scanned using the camera app on their smartphone. The company believes that these QR codes will offer a more secure way to authenticate a user, after the correct password has been submitted.

Gmail Now Lets You Directly Insert Gemini’s Replies on Android

“SMS codes are a source of heightened risk for users. We're pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity,” Gmail spokesperson Ross Richendrfer told the publication on Sunday.

Supporting access to SMS-based 2FA presents several security challenges — scammers can trick users into sharing SMS codes, or target specific users with "SIM swapping" attacks to get access to their phone number. Like X (formerly Twitter), Google is also looking to crack down on SMS fraud, where scammers prompt companies to send texts to specific numbers to receive money when each message is delivered.

Google currently allows users to receive the code via a phone call, instead of an SMS, and it is currently unclear whether this option will also be retired. The company usually displays a login prompt on a user's smartphone as a form of MFA, and users can tap a button to complete the login process. Google also supports time-based one time passwords (TOTP) supported on password managers or apps like Google Authenticator.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google, Gmail, Two Factor Authentication, Multi Factor Authentication, SMS, 2FA, MFA

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via... more »