The two-factor authentication (2FA) is a fantastic safety measure, but not all 2FA are the same. SMS-based 2FA is by far the least safe authentication optionAnd yet far too many companies use this method as standard. Hackers know this, which is why they address the 2FA codes of users to commit fraud and steal access to Google accounts. All in all, a 2fa is better than No. 2fa, so it is worth tolerating the SMS-based authentication when it is the only 2FA option.
Now, however, the winds are changing: Google is the latest company that wants to switch from SMS codes to an alternative method. As reported by ForbesThe company plans to switch from SMS codes to QR codes. This is a good thing, even if it changes in your Google account.
SMS 2fa is not safe enough
It is surprisingly easy to get an SMS code. For example, if someone steals their smartphone, they can access all SMS codes they receive. However, fraudsters do not need physical access to intercept their SMS codes. In fact, they can do this while they are in another part of the world.
Fraudsters can make the carriers take over the SIM card of their phone. From here you can deactivate your SIM card and transfer all services to your own so that you can access all SMS codes that are sent to your number. For example, if your bank account is protected by SMS-based 2FA, you will receive the code on your own device, authenticate yourself and put them in to your account. Some fraudsters even deal in a practice that is known as a traffic pump where they use organizations to send a large number of SMS messages to the figures of the fraudsters. You benefit from this news, while the rest of us has to do with a spam flood. If Google move from SMS-based 2FA, Google hopes to limit this fraud.
Instead of relying on SMS-based authentication, I recommended Use of a dedicated authentic appor The Passkeys system without passkeys That Google itself is quite pushing. When using an authenticator app, the code generates every 30 seconds on a safe service that is controlled by them by the carriers. Authenticator apps require the biometric authentication and can also be password -protected, which adds an additional security level. You can use A physical key For maximum authentication security, but an properly furnished authenticator app is sufficiently secure.
If you launch games as a whole, Passkeys are even safer. Passkeys are cryptographically generated for every registration and are clear for the app for devices or passwords. A passkey generated for Google never leaves the device. Even if someone gets the key file into their hands, it cannot be hacked because it is encrypted.
Google shifts standard 2fa to QR codes
Passkeys are the future, but in the meantime Google relocates to QR codes as the standard verification method for telephone numbers.
If users register on a new device, you will be asked with a QR code that you can scan on your smartphone to authenticate yourself. The use of a QR code for checking stops Phishing attacks because there is no code. And since the scanning of QR code personally takes place between two devices nearby, no carrier codes or online servers are involved.
There is still no timeline for it, since Google should only look for more from us in the near future. If the function goes out, I will describe these steps in detail here.
