Google to Scrap SMS MFA

Image showing the Google G logo

In a bid to tighten security and combat cyberattacks, Google is scrapping SMS multi-factor authentication (MFA) for Gmail accounts in favour of QR codes and passkeys.  The aim is to "reduce the impact of rampant, global SMS abuse."

SMS MFA is a convenient method and is widely used due to its accessibility, as most people have a mobile phone with texting capabilities. However, it’s become a breeding ground for hackers, as they can exploit the MFA process to capture the one-time passcode (OTP). They use techniques such as SIM swapping to trick a mobile provider into transferring the user's phone number to a different device, allowing them to access the verification code.

The move to QR codes, which are more complex than a simple six-digit number, is hoped to significantly reduce hackers' ability to trick users into sharing their OTP.

MFA was introduced as early as 1996, but with the evolution of cyberattacks, MFA have become easier to intercept.  While QR codes aren’t without their own vulnerabilities, it is hoped that more victims will be protected.

It is important to remain vigilant.  If any organisation asks for sensitive credentials or you receive any unexpected links via SMS, avoid providing the information or clicking on the links.

If you do ever receive a suspicious SMS, simply report it by forwarding the message to 7726, a free service provided by most mobile phone networks.

Google hasn’t provided a timeframe for the changeover, but users are told to keep an eye out for further updates in the “near future”.

BizWiseIT is here to assist you with your IT-related queries.  We work with local businesses across the West Sussex region, Crawley and Gatwick, and are ready to take your call should you need any assistance.

Image credit: Designed by Freepik www.freepik.com