Google is set to phase out SMS codes for multi-factor authentication (MFA) in Gmail, opting for QR codes instead, as reported by Forbes. This shift responds to rising cyber threats that exploit SMS codes, such as SIM swapping and social engineering attacks. A company spokesperson emphasized that SMS codes, while marginally secure, pose significant risks that have led to their exploitation. Rishi Bhargava from Descope lauded this decision as overdue and pivotal for the security industry, reinforcing the need for stronger authentication methods amid vulnerabilities in SMS-based systems.
Google's decision to abandon SMS authentication is a watershed moment in security, but it's unsurprising, given that SMS has been the weakest link in MFA for years.
The primary weakness of SMS code authentication is that attackers can trigger the MFA process, intercept the one-time passcode, and use it to compromise accounts.
SMS verification also plays a role in ensuring cyber criminals cannot abuse Google's services for malicious purposes, but it has been exploited in scams like SIM swapping.
While SMS codes are better than no authentication, they are vulnerable to phishing, SIM swapping, and real-time interception attacks that bypass traditional MFA.