Are you still using SMS-based two-factor authentication for your Gmail account? Firstly, why? And secondly, you’ll want to change that soon(ish) as Gmail is about to end support for the least secure of all the multi-factor authentication methods.
The American email company seeks to “reduce the impact of rampant, global SMS abuse,” said Gmail spokesperson Ross Richendrfer, speaking to Davey Winder for a new Forbes report.
No more MFA SMS
Instead of pushing for the wider and faster adoption of passkeys, Gmail is said to be replacing SMS authentication codes soon with a QR code you’ll need to scan with your smartphone. While that’s more secure than receiving an SMS with a code to input, it still relies heavily on having your smartphone handy. The Forbes report didn’t specify the actions necessary if your phone has just been lifted or what you’ll need to do when signing in on said phone.
But we’re sure those details will be publicised shortly before the changeover happens. In the meantime, here’s how to change your authentication method.
Changing your Google authentication method:
- Log into your Google account with your email address, phone number, and password. If you’re still using it, go ahead and put that SMS code in for the last time.
- From the list of options that appears in the top left, choose ‘Security’.
- Scroll down until you see ‘How you sign in to Google’.
- Make sure you have at least one other authentication method enabled before proceeding. Those can include Google prompts, passkeys, or using an authenticator app like Google Authenticator (Android/iOS).
- Once done, look for ‘2-Step Verification phones’.
- Clicking on that should take you to a new page with the phone numbers that can receive sign-in codes – remove them.
It’s probably a good idea to add as many sign-in methods as you can to cover your bases. It’s also a good idea to pretend your smartphone has been stolen and try to see if you can still access all the services you would need if that were really the case.
Use a password manager to hold your Google account password? What if your password manager needs to send a verification code to your email to make sure it’s really you because you’re logging in from a friend’s device because you forgot yours in an Uber (or worse)? It’s always better to think these things through before you actually need to.