Google plans to stop using SMS-based two-factor authentication in its Gmail service to address security concerns. Instead of sending a text message with a verification code, users will be shown a QR code they need to scan with their phone. This change aims to reduce the impact of global SMS abuse and replace it with more secure methods, such as passkeys.
The main issue with SMS-based 2FA is its lack of security. Criminals can intercept messages by convincing carriers to port numbers or manipulate traffic patterns, allowing them to make money on each text. The high volume of SMS messages sent for verification and spam prevention makes it difficult to prevent abuse.
Google’s goal is to move away from passwords entirely, but adoption of passkeys has been slow. Replacing the current 2FA method with a more secure one like QR code scanning is still an important step in achieving this goal.
Source: https://www.engadget.com/cybersecurity/gmail-will-stop-using-sms-for-two-factor-authentication-185615193.html