Google is set to phase out SMS-based two-factor authentication (2FA) for Gmail users, replacing it with QR code verification, according to a Forbes report. This move aims to enhance security and reduce risks associated with phishing attacks and SIM-swapping fraud, where cybercriminals hijack phone numbers to intercept verification codes. Currently, Gmail users receive a six-digit code via SMS after entering their passwords—a system introduced in 2011 that remains widely used despite its vulnerabilities. The new QR code method will require users to scan a code with their smartphone cameras to verify their identity.

SMS-based 2FA, while better than no additional security, has become increasingly susceptible to cyberattacks. SIM swapping, where scammers transfer a victim’s phone number to a new SIM card to intercept verification messages, has led to numerous breaches. Additionally, phishing attacks often trick users into revealing their one-time SMS codes, further exposing the system’s weaknesses. Google’s shift to QR codes is part of a broader effort to adopt more secure authentication methods.

Google is not the first to abandon SMS-based 2FA. X (formerly Twitter) has also moved away from SMS verification due to concerns over SMS fraud, where attackers exploit telecom loopholes for profit. While Google has not announced an official rollout date, the transition to QR-based authentication is expected to occur over the next few months.

In addition to QR codes, Google already offers more secure login options, including Google Prompts, which send a pop-up notification to a registered device for login approval; authenticator apps like Google Authenticator or Authy, which generate time-based one-time passwords (TOTP); and physical security keys such as YubiKey for hardware-based authentication. These methods provide stronger protection against cyber threats compared to SMS-based systems.

The move to QR codes reflects Google’s commitment to improving user security and staying ahead of evolving cyber threats. As phishing and SIM-swapping attacks continue to rise, adopting more robust authentication methods is crucial to safeguarding user accounts. While the transition may require users to adapt to new processes, the enhanced security offered by QR codes and other advanced options will provide greater peace of mind in an increasingly digital world.