Society

Gmail plans to abandon SMS codes for two-factor authentication

Google is preparing for drastic changes in the Gmail authentication system: the company plans to completely abandon the use of SMS codes for identity verification. This became known after an exclusive conversation with the company’s representatives, "Komersant Ukrainian" reports citing Forbes.

The reason for this decision is the high level of fraud associated with the use of SMS for account security.

Gmail’s official position: “We want to move away from SMS codes”

Gmail spokesperson Ross Richendfer confirmed that Google intends to gradually abandon SMS authentication.

“Just as we’re looking to replace passwords with passcodes, we want to move away from SMS codes for authentication,” he said,

– he said.

According to Richendfer, the company is already working on a new alternative that will minimize the risks associated with fraud on a global scale. Google plans to introduce QR codes for two-factor authentication, which should significantly reduce the level of abuse in this area.

Читайте нас у Telegram: головні новини коротко

Why is Google abandoning SMS codes?

Google uses SMS verification for two main purposes: user security and anti-fraud. In the first case, SMS is used to verify the user’s identity, and in the second case, to prevent the mass creation of fake accounts that fraudsters can use to distribute spam and malware.

However, this method has serious drawbacks, as described by Ross Richendfer and his Google colleague Kimberly Samra:

• SMS codes can be intercepted through phishing attacks;
• the user does not always have access to the device to which the messages are sent;
• protection depends on the security policy of the mobile operator.

“If a fraudster can trick a mobile operator and gain access to a user’s phone number, then any security value of SMS codes disappears,”

– Richendfer explained.

SMS-based fraud: how traffic pumping works

Fraudulent schemes, in particular the so-called “traffic pumping” (artificial increase in traffic), are another good reason for refusing SMS authentication. According to Google representatives, this technique has become popular in recent years. Its essence lies in the fact that attackers create a large number of SMS requests to their own numbers, receiving payment for each delivered message.

Such frauds cause significant financial losses to companies that send confirmation SMS and create additional risks for users. Google believes that the introduction of QR codes will help eliminate these threats and provide a more reliable authentication system.

Thus, the abandonment of SMS codes will be another step by Google to improve user security and protect against fraudulent schemes on a global scale.

Reading now

Taxes in exchange for loans: how Ukraine will pay for cooperation with the IMF

Putin expands army to 2.4 million: what’s behind the Kremlin’s decision and will it change the situation on the front lines?

A new stage of mobilization: what changes are being prepared by the Ministry of Defense and what conscripts should expect

“Criminal Procedure Code Reform” Under the NABU and SAPO: How the Rada Is Responding to Legislative Proposals by Klymenko and Kryvonos