- Google Removes SMS messages as an approval option
- It is replaced with QR codes on the screen
- Removal of SMS Authorization reduces the risk of phishing and fraud
Google officially moves away from using SMS messages on its Gmail account two-factor authentication.
Gmail -Talmands Ross Richendrfer told Forbes“We will move away from sending SMS messages to approval” to “reduce the impact of violent, global SMS abuse.”
SMS approval codes can be easily captured by hackers by simply porting your phone number to a new device -just one of the many security issues that plague SMS messages for approval.
QR codes to replace gmail sms -approval
Google will instead introduce QR codes on the screen to be scanned with your chosen approval device to verify that you are actually trying to log in. This potentially adds an additional layer of biometric security for those using a face recognition or fingerprint scan to access their device or applications.
QR codes will also solve two other concerns related to SMS approval methods. The first is that QR codes are more phishing resistant as there will no longer be a security code to share with an attacker. The other is the approval will no longer be dependent on the telephone provider’s abuse and fraud protection.
Authentication will still depend on the user having access to their mobile device but removes a significant amount of the risk of abuse. For Google, it’s also a win as it cuts down on threat actors who are able to run ‘traffic pump’ campaigns.
In these campaigns, criminals will abuse online service providers to generate a huge amount of SMS messages for telephone numbers they control so they can generate revenue through access fees and InterCarrier Compensation.
In the future, Google hopes to move to a fully Baskey -supported authentication system, but the move from passwords to Pakeryyer has not been as fast as Google had hoped, despite their best efforts to convince users to change.
