Ever since Google enable two - dance step check for Gmail and other tie authentication protocols in its ecosystem , SMS codes have been a mainstay . But according to security analysis , SMS codes are notoriously insecure , specially when the communicating distribution channel is not cipher . That is at last about to change , as SMS codes will soon be replaced with QR code for Gmail assay-mark .

When it arrive to account security , SMS is not the most honest selection for receive sensitive check codes , or one - time passwords ( OTP ) on telephone . That is why , over the past few years , Google has steadily developed password alternatives such ason - equipment Google prompts , appraiser apps , hardware security key , andthe Passkey systemto minimize the risks such as SMS phishing .

Now , Google is planning to phase out SMS - base verification completely for Gmail ( and with it , Google account ) certification . “ Just like we desire to move past passwords with the use of things like passkeys . We want to move away from sending SMS substance for authentication , ” Gmail representative Ross Richendrfer , was quote as saying byForbes .

Why is SMS unsafe?

Getting codification via a text substance is convenient , but it ’s not just the footpath and detailed phishing proficiency that make SMS an unsafe itinerary . SIM swapping , social engine room , and impersonation attacks are also a fairly well - have intercourse technique , and when those plans are executed , the licit owner never receive their SMS verification codes .

That leaves them locked out of their own Gmail account , and all the core services tied to it , which also admit third - company services that need a Google news report log - in . Moreover , in scenarios where users do n’t have access to cellular electronic web , getting logarithm - in codes via SMS becomes another challenge .

How QR codes can help?

Over the next few months , Google plan to replace the six - digit SMS codes and will show a QR code that users simply have to scan with the camera app on their telephone set . The company has n’t shared many technical contingent about those plans , but it seems Google would likely create a communications protocol that would postulate a secure QR computer code handshake with a verified telephone set operate the register phone number .

It is deserving nothing here that QR code are not inherently tomfool - proof . QR scams are also passably uncouth . But a QR scanning system that requires a local decode key , or a secure public key between only two trusted parties , is a pile safer and quick .

We of late covered one such design calledself - authenticate dual - modulated QR ( SDMQR ) codethat has already receive a governing grant and might soon replace bar code in various business and industrial applications .

Developed by experts at the University of Rochester , an SDMQR computer code bank on a cryptographic theme song organization that can only be unlock with a digital private key . These specialised QR code wo n’t ask any special scanning app , and can be follow up on fluid equipment across the world at an OS - grade .