A username and password just won’t cut it anymore. Users around the world logging into Gmail have often relied on Google SMS pings to securely access their accounts, but that’s changing. Google now hopes to move beyond SMS, which has become so frequently abused that it negates any supposed security benefit. Instead of using SMS, the company will reportedly switch to using QR codes.
Currently, Google sends SMS codes for two reasons: to confirm that a new login is legitimate and to block spammers from opening Gmail accounts in bulk. You type in your credentials, and a moment later, Google texts a six-digit code for you to enter as well. It’s not a terribly arduous process, and it can help protect your account, but SMS is not very secure.
SMS messages are delivered by mobile carriers without encryption, and they often go through intermediaries that can be compromised without your knowledge. Even if the line is secure, phone numbers have very little in the way of security.
