Google has announced a big change to enhance security. It will no longer use SMS-based two-factor authentication (2FA) for Gmail and will instead use more secure methods for verification. The change will be phased in over the next few months and is part of Google's transition away from text message authentication.
Why is Google dropping SMS codes?
SMS 2FA has been a widely used means of securing online accounts for years, yet security professionals have continued to point out its vulnerabilities. SIM swapping, a form of cyber attack in which a victim's phone number is taken over by porting it to another SIM card, is one of the main issues. This lets attackers intercept one-time passcodes delivered by SMS, with the possibility of unauthorized access to secure accounts.
SMS messages can also be intercepted by other means, such as malware or vulnerabilities in the mobile network. Knowing these weaknesses, Google has opted to use safer methods.
What Are the Alternatives?
Google would prefer people to use more secure methods to log in, such as:
- Google Authenticator App: This produces time-based one-time passwords (TOTP) that expire after a time period and hence are less susceptible to interception.
- Google Prompt: A push notification app that allows users to authenticate sign-ins with a single tap on their registered devices.
- Passkeys: A fairly recent authentication technique that does away with passwords altogether and utilizes biometric information or PINs held on a user’s device.
- Physical Security Keys: USB or NFC-based keys that must be physically plugged in or present to log in. They offer one of the most secure means of securing your accounts.
How does this change affect users?
The majority of users will not even notice, since Google has already been supporting other 2FA methods. Those who continue to use SMS codes will receive notifications asking them to switch. Google has assured users that they will be helped to set up an alternative, more secure sign-in method.
This move is in line with a wider trend across the tech sector, where large players are abandoning SMS-based verification due to its weaknesses. Microsoft and Apple are also pushing towards password-less security solutions that are more secure.
What should you do next?
If you already have SMS-based 2FA enabled on your Google account, follow these steps now:
- Verify Your Account Security Settings: Visit Google's security page to review your current sign-in settings.
- Use a More Secure 2FA Method: Google Authenticator, passkeys, or security keys are options for greater security.
- Be Cautious of Phishing Attacks: Cybercriminals often exploit security updates by sending fake alerts or requesting your login credentials. Always verify messages before taking any action.
Final Thoughts
SMS-based authentication was an excellent means of providing an additional layer of protection, but its shortcomings have recently become more obvious. Google's decision to discontinue SMS codes serves to guard user accounts against emerging cyber threats. Users can safeguard their Gmail accounts in an increasingly digital era by adopting more secure authentication practices.