Google wants to do away with SMS to authenticate a user when they log in to a Gmail account. While waiting for passkeys to become the obvious security solution for everyone (which will take some time), online service operators still use two-factor verification (2FA): the first factor is none other than the user's password, the second is often a code to be entered in a dedicated app, or sent by email or SMS.
The SMS solution has the merit of simplicity: you receive the code directly on your smartphone, and that's it. Except that malicious intermediaries can hack the operators' installations; the codes are not encrypted from end to end (they are SMS); not to mention SIM swapping attacks.
In short, whenever possible, it is better to select another 2FA identification method! "Just as we want to avoid using passwords thanks to solutions like passkeys, we want to move away from sending SMS messages for authentication", explained a Google spokesperson told Forbes.
In the coming months, the search engine will offer a system based on a QR code to scan, which will allow the user to be authenticated much better than a simple SMS. In a way, it is the same thing as a code sent by an application... only more graphic! Unfortunately, Google doesn't go into much detail, and it's unclear which countries will be affected initially.
Source: Forbes
0 Comments