Google is working to replace SMS-based two-factor authentication from Gmail with QR codes:

Currently, Google sends out a six digit code through SMS after the user enters the password. Google's plans on completely abandoning the structure of SMS supported two-factor authentication for Gmail users and replace it with a QR code generation for verification. This is meant to enhance security against phishing attacks and SIM swapping forgery, which are used by cyber criminals for hijacking the telephone number of the user to steal verification codes.

There system introduced in 2011 is one of the oldest and widely accepted systems available. Currently, more secure systems are now present in the market, Google is in the process of rolling out QR codes to be scanned with a smartphone camera for identity verification. SMS based 2FA is better than nothing but in recent years, it has become increasingly prone to cyber attacks. One of the high profile breaches that resulted from SIM swapping attacks in which a scammer convinces the telecom company to transfer the victim's phone number to a new SIM card and intercepts all verification messages from that number for the period of the attack are numerous. Black hats, as hackers are known to lure clients into revealing their one time SMS codes by means of phishing attack and so SMS authentication is not a very strong second line of security.

Although Google has not explicitly stated any marketing rollout date it expect for QR authentication, Google offers the following more secure options for logging in: 

• Google prompts- Users receive a pop up notification on their registered device to approve or deny the login attempt.
• Authenticator Apps- Google Authenticator or different third party apps like Authy generate time based one time passwords.
• Security Keys- Hardware based security keys such as YubiKey are used to provide maximum protection through hardware based aunthentication.

This shift further embraces a major industry trend away from the traditional password only and SMS based authentication to higher forms of verifying safety that are better secured from interception and exploitation. The move will affect the entire Google ecosystem around services such as Gmail, Google Play, Maps, Workspace, Youtube and other linked to Google accounts.

Assuring this transition will take a few months, Google promises more details on how and when the overhaul in authentication will take place.

Source - https://www.businesstoday.in
               https://cyberscoop.com
               https://timesofindia.indiatimes.com

For more information on IT Services, Web Applications & Support kindly call or WhatsApp at +91-9733733000 or you can visit https://www.technodg.com