Google To Eliminate SMS Authentication in Gmail, Implement QR Codes - Slashdot

Slashdot

●Stories

●Firehose

●All

●Popular

●Polls

●Software

●Thought Leadership

Submit

Search Slashdot

● Login

●or

● Sign up

●Topics:

●Devices

●Build

●Entertainment

●Technology

●Open Source

●Science

●YRO

●Follow us:

●RSS

●Facebook

●LinkedIn

●Twitter

● Youtube

● Mastodon

●Bluesky

Follow Slashdot blog updates by subscribing to our blog RSS feed

Nickname:

Password:

Public Terminal

Forgot your password?
Close

This discussion has been archived. No new comments can be posted.

Google To Eliminate SMS Authentication in Gmail, Implement QR Codes More Login

Google To Eliminate SMS Authentication in Gmail, Implement QR Codes

Load All Comments

Full Abbreviated Hidden

/Sea

Score:

5

4

3

2

1

0

-1

More Login

Nickname:

Password:

Public Terminal

Forgot your password?
Close

Close

Search 164 Comments Log In/Create an Account

Comments Filter:

● All

● Insightful

● Informative

● Interesting

● Funny

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

I am altering the deal... (Score:5, Insightful)

byVidar Leathershod ( 41663 ) writes:

Pray I don't alter it any further.
Having dealt with the fallout of people losing access to their accounts due to MFA, and not just from compromise, I am completely convinced that passkeys will result in the same. The whole system is completely ridiculous, and their whole claim of improved security has been demonstrated to be a fabrication.

Passkeys will be a PITA (Score:5, Insightful)

byViol8 ( 599362 ) writes:

Instead of just having the browser remember a password you enter the once on each machine you're probably going to have to register Every Bloody Device (as you can hardly copy private keys all over the place) so no more going to a cafe in some far flung place to check your email if you have no phone connection.

Re: (Score:2)

byitsme1234 ( 199680 ) writes:

How would be SMS (the only thing that's going away) any better "if you have no phone connection" ?!
I don't see 2FA becoming mandatory (if you just want to go around entering your password, as single authentication method, into various cafe PCs), and from the existing 2FAs the vast majority are offline (TOTP, recovery codes, any kind of USB secure key, heck even passkeys between PC and phone over bluetooth don't need internet).

Re: (Score:2)

byViol8 ( 599362 ) writes:

"How would be SMS (the only thing that's going away) any better"
SMS works over 2G, apps don't.

Re: (Score:2)

byMachineShedFred ( 621896 ) writes:

And pre-sync'd TOTP generators (there's a pretty popular one called Google Authenticator that runs on your phone, and uses standards so the seed key can be imported in basically every password manager out there) don't require any internet at all. What's your point?

Re:Passkeys will be a PITA (Score:2)

byViol8 ( 599362 ) writes: on Monday February 24, 2025 @12:02PM (#65191659) Homepage

I don't want to have to require on a smartphone to read email on a PC is my point.

Parent Share
twitter facebook

Re: (Score:2)

byitsme1234 ( 199680 ) writes:

A phone that can receive SMSes is a higher bar than a TOTP generator that can really run offline on anything (never mind phones, even watches, not even really smart watches but like Garmin watches or similar).

Re: (Score:2)

byMachineShedFred ( 621896 ) writes:

What about TOTP requires a smartphone? Do you not know how to use a web browser? Have you never seen a TOTP app on a desktop PC?

Re: (Score:3)

byunrtst ( 777550 ) writes:

You can even do this on the command line.
sudo apt install oathtool
seed="your TOTP seed from the setup QR code"
oathtool -b --totp "$seed"
Or use any of a number of TOTP generators out there. There's just a secret number, a well defined algorithm (math), and the current time = TOTP code.

Re: Passkeys will be a PITA (Score:2)

byViol8 ( 599362 ) writes:

And how does one read the QR code?

Re: (Score:2)

byunrtst ( 777550 ) writes:

And how does one read the QR code?
You don't. That's what MachineShedFred was getting at - there are options that don't require internet access nor a phone. This is a tangent topic off of the Google QR code to replace SMS 2FA stuff and doesn't deal with parsing whatever it will be that Google rolls out.
When you setup TOTP with Google, they provide a QR code to scan, as well as a link/button to display the secret TOTP seed (that's really all that's in the QR code, btw). You add that seed to your TOTP app. You can scan the QR code to add it, w

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Slashdot

Moderate Moderator Help Delete

● Get more comments

● Submit Story

It is much harder to find a job than to keep one.

●FAQ

●Story Archive

●Hall of Fame

●Advertising

●Terms

●Privacy Statement

●About

●Feedback

●Mobile View

●Blog

Icon

Do Not Sell or Share My Personal Information

Copyright © 2026 Slashdot Media. All Rights Reserved.

×

Close

Close

Slashdot

Working...