Gmail to Stop Using SMS-Based OTP Verification: Here’s What You Need to Know
Many of us forget our Gmail password and reset it using a one-time password (OTP) sent via SMS. This OTP allows us to regain access to our accounts. However, if you rely on this method to log into the Gmail app, there’s bad news for you. Google is changing its two-factor authentication (2FA) system, meaning users will no longer receive OTPs via SMS.
This SMS-based verification was an option for users to confirm their identity, but it also had security risks. Due to these vulnerabilities, Google has decided to discontinue this method.
Why Is Google Removing SMS OTP Verification?
Gmail spokesperson Ross Richendrfer told Forbes that the primary goal behind this decision is to reduce SMS abuse globally. Instead of sending OTPs via SMS, Gmail will now implement QR code-based authentication (Google QR).
With this new method, instead of entering a phone number to receive a code, users will scan a QR code with their smartphone to verify their identity. While it still requires a smartphone, it eliminates the risks associated with SMS-based verification.
Disadvantages of SMS-Based Two-Factor Authentication (2FA)
- SIM Swap Attacks: Criminals can trick mobile users into switching their phone numbers to different devices, preventing those users from receiving security messages.
- Traffic Pumping Schemes: Hackers can exploit a system called “traffic pumping”, which allows them to send multiple SMS messages to numbers they control and profit from each text.
Since Google sends millions of SMS messages daily for verification, these vulnerabilities pose significant security risks. This is why Google has decided to transition to QR code authentication for better security and reliability.