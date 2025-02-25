In a change to how two-factor authentication logins are managed in order to provide better protection against scammers, Google will soon stop sending codes via text message to verify Gmail accounts and instead rely on QR codes that users can scan using their devices

Ross Richendrfer, head of security and privacy public relations at Google, confirmed the new development to CNET.

“Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication,” he said.

Richendrfer says that over the next few months, Google will be “reimagining” how the company verifies phone numbers.

Gmail as well as other Google services are expected to shift from texting six-digit codes over SMS to generating a QR code that a user would verify.

Doing so would eliminate instances of scammers asking users to share their SMS code.

It will also help Google to avoid a scam called traffic pumping where fraudsters try to get online service providers to originate large numbers of SMS messages to numbers they control, getting paid every time one of these messages is delivered.

The new method therefore will also eliminate phone carriers as a possible point of breach.

“SMS codes are a source for heightened risk for users – we’re pleased to introduce an innovative new approach to shrink the surface area for attackers and keep users safer from malicious activity,” he said.

Gmail’s other current 2FA methods besides SMSs include sending a user to the Gmail app on their devices to verify a login as well as its own Google Authenticator security software.

Other companies such as Apple, X and Signal have also removed SMS authentication as a means to verify an account.