What Google Dropping SMS OTPs Means for Mobile Identity
Google has just shaken up its Gmail login process by announcing the removal of SMS one-time passwords (OTPs), replacing them with QR codes for identity verification. Given growing concerns over the security and cost of SMS OTPs, the move makes sense — but the switch to QR codes caught many off guard.
It’s worth noting that this update won’t affect everyone. Many users already rely on more secure options like passkeys or the Google Authenticator app, and they’ll continue to do so. The change primarily targets those still using SMS OTPs, which have long been criticised for their vulnerability to phishing and interception.
So, why now — and why QR codes?
Why Switch Now?
SMS OTPs have experienced high levels of fraudulent activity recently, impacting all stakeholders in the value chain, including mobile subscribers, enterprises and mobile operators. Fraudulent activity such as artificially inflated traffic (AIT) and SMS trashing attempts have led to diminishing trust in SMS as an authentication method; leaving stakeholders to seek alternative methods to verify their users. AIT and SMS trashing occurs when fraudulent players generate many fake accounts on a legitimate enterprise’s website, prompting two-factor authentication and thus a significant number of OTPs to be sent via SMS.
Additionally, the cost of A2P SMS has risen considerably in the last couple of years, with A2P SMS costs almost doubling in some regions. This has made authentication particularly costly for enterprises, with the combination of these increased costs and high levels of fraudulent activity intensifying the need for new forms of mobile identity.
Total Cost of AIT and SMS Trashing to Enterprises ($m) in 2024
Source: Juniper Research
Google’s decision, therefore, to replace SMS OTPs in their Gmail authentication processes is not a surprise, despite the dominance of SMS OTPs within mobile identity, and we anticipate that many enterprises and organisations will follow in this development.
Are QR Codes the Answer?
While Google’s switch from SMS OTPs for Gmail was an entirely expected move, the announcement that QR codes would be the new method to authenticate a user was less anticipated. QR codes have numerous benefits, including enhanced security through the requirement for the user to be present to scan the QR code, as well as removing the need for users to memorise often complex passwords. Furthermore, QR codes enable quick authentication and require little infrastructure from the enterprise; making them cost-effective. These benefits make them a viable alternative to the previously dominant SMS OTPs.
However, there are limitations when considering QR codes for mobile identity. The use of QR codes assumes a level of technology that not all users may have, as it depends on the user having a smartphone or device with camera and scanning capabilities. Also, it presumes that most users will be accessing their Gmail account on an alternative device from the one that is being used to scan the QR code, which with the demand for access to accounts on the go is unlikely. Therefore, the use of QR codes for mobility identity by Google risks alienating some users.
This switch exemplifies a wider market dynamic, with the issues surrounding SMS OTPs also prompting other organisations to follow a similar trend to Google. The consequence of this will be felt most significantly by mobile operators, who (as per our recent forecasts) received $22.3 billion in SMS OTP revenue globally in 2024. Stakeholders moving away from SMS OTPs as a mobile identity solution to non-operator billed methods provides a substantial threat to future mobile operator revenue streams.
Total Operator-billed Revenue from SMS OTPs ($m), Split by 8 Key Regions, 2025-2029
Source: Juniper Research
So, What's the Future of Mobile Identity?
Given Google’s significant investment and role in the development of rich communication services (RCS), Juniper Research was surprised that Google had opted for QR codes for Gmail authentication. Similar to SMS, RCS can be used for OTPs in authentication, and with Google’s involvement in the development of RCS, it would have seemed a natural progression to implement RCS OTPs into Gmail authentication methods.
RCS offers numerous advantages for mobile identity when compared to SMS, with RCS providing enhanced security through verified sender profiles and branded messaging capabilities. However, the lack of established reach with RCS proves to be a complexity in utilising it for mobile identity, with many mobile operators not yet supporting the messaging platform.
RCS has capabilities extending further than OTPs, with it enabling richer communications between enterprises and customers such as two-way conversations and enhanced graphics and images. Therefore, the developmental and commercial focuses for RCS were centred around marketing and conversational use cases, rather than OTPs.
Additionally, over the top (OTT) messaging platforms such as WhatsApp have a wide reach and are already utilised by some enterprises for OTP use cases, however with this service being provided by one of Google’s rivals, Meta, it explains why Google have not opted for this service for authentication.
In summary, Google’s decision to move away from SMS OTPs responds to the concerns surrounding SMS as an authentication channel, but there is yet to be a clear successor within mobile identity; with a range of options being explored by enterprises. In turn, Juniper Research’s recent mobile identity study predicted that application programming interfaces (APIs) which authenticate users silently in the background of the device, by utilising the mobile network, will replace SMS as the dominant form of mobile identity. This owes to the high level of security that silent authentication APIs offer and the user friendliness provided with a lack of user interaction.
Georgia is a Research Analyst in Juniper Research’s Telecoms & Connectivity team, providing analysis on the emerging trends and latest developments in the telecommunications market. Her recent reports include Mobile Identity, AIT Prevention, and Robocall Mitigation & Branded Calling.
Latest research, whitepapers & press releases
-
ReportOctober 2025Telecoms & Connectivity
Travel SIMs & eSIMs Market: 2025-2030
Our comprehensive Travel eSIMs research suite comprises detailed assessment of a market undergoing rapid growth. It provides insight into how travel eSIM providers can differentiate their services to maximise success in the market over the next two years.
VIEW -
ReportOctober 2025IoT & Emerging Technology
Direct to Satellite Market: 2025-2030
Juniper Research’s Direct to Satellite research suite provides satellite providers, investors, and partners, such as Mobile Network Operators, with an extensive analysis and insights into the direct to satellite market.
VIEW -
ReportSeptember 2025Fintech & Payments
Instant Payments Market: 2025-2030
Juniper Research’s Instant Payments research suite provides a wide-ranging and strategic analysis of this market; enabling stakeholders - from banks, infrastructure providers, regulators, and businesses - to understand future growth, key trends, and the competitive environment.
VIEW -
ReportSeptember 2025Fintech & Payments
Anti-money Laundering Systems Market: 2025-2030
Our AML Systems research suite provides a detailed and insightful analysis of this evolving market; enabling stakeholders from financial institutions, law enforcement agencies, regulatory bodies and technology vendors to understand future growth, key trends, and the competitive environment.
VIEW -
ReportSeptember 2025Fintech & Payments
A2A Payments Market: 2025-2030
Our A2A Payments research suite provides detailed analysis of this rapidly changing market; enabling A2A payments service providers to gain an understanding of key payment trends and challenges, potential growth opportunities, and the competitive environment.
VIEW -
ReportSeptember 2025Telecoms & Connectivity
Mobile Messaging Fraud Prevention Market: 2025-2030
Our Mobile Messaging Fraud Prevention research suite provides a detailed and insightful analysis of a market set for significant disruption over the next five years. It enables stakeholders from mobile operators, enterprises, and mobile messaging fraud prevention vendors to understand how the market for mobile messaging fraud will evolve, as well as the impact of AI, RCS, and the evolving competitive environment.
VIEW
-
WhitepaperOctober 2025IoT & Emerging Technology
Beam Me Up: The Direct to Satellite Revolution
Our complimentary whitepaper, Beam Me Up: The Direct to Satellite Revolution, evaluates the future key services that satellite providers must offer in the direct to satellite market.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
Core Banking Transformation - A Strategic Conversation with SAP Fioneer
Core banking transformation is no longer optional, as regulatory change, rising compliance costs, and shifting customer expectations make legacy systems unsustainable. Anna Koritz, Global Head of Transaction Banking at SAP Fioneer, shares how banks can overcome cultural and technical hurdles and why SAP Fioneer’s modular, cloud-ready approach enables confident modernisation.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
From Detection to Prevention: The Next Era of Anti-money Laundering
Our complimentary whitepaper, From Detection to Prevention: The Next Era of Anti-money Laundering, examines the state of the AML systems market; considering the impact that a changing regulatory environment and a growing number of use cases is having on the market. Additionally, it includes a forecast summary of the total value of the AML systems market in 2030.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
3 Key Trends Driving Instant Payments
Our complimentary whitepaper, 3 Key Trends Driving Instant Payments, assesses how key trends are driving the evolution of the instant payments market, and which challenges these resolve. Additionally, it includes a forecast summary of the global transaction values via instant payment schemes by 2029.
VIEW -
WhitepaperSeptember 2025Fintech & Payments
Ascending-to-Ailing: The Deceleration of A2A Adoption
Our complimentary whitepaper, Ascending-to-Ailing: The Deceleration of A2A Adoption, examines the state of the A2A payments market; considering the impact of this payment method and how it is shaping the modern payments landscape through lower fees and enriched user experience.
VIEW -
WhitepaperSeptember 2025Telecoms & Connectivity
RCS Fraud: Emerging Threats in Next-gen Messaging
Our complimentary whitepaper, RCS Fraud: Emerging Threats in Next-gen Messaging, examines the future of the messaging fraud prevention market, with a particular focus on the latest trends within RCS Business Messaging (RBM). Additionally, it includes a forecast summary of the total cost of fraud over RBM to subscribers in 2030.
VIEW
-
Fintech & Payments
Juniper Research Unveils 2025’s Fintech & Payments Awards Winners
October 2025 -
IoT & Emerging Technology
Satellite Broadband Market to Break $20 Billion by 2030, as Satellite Constellations Disrupt Established Services
October 2025 -
Fintech & Payments
Subscription Economy to Reach $1.2 Trillion by 2030 Globally, Despite Increasing Subscription Fatigue
October 2025 -
Fintech & Payments
AML Systems Market to Surpass $75 Billion by 2030 Globally, With LexisNexis Risk Solutions, Oracle, and Experian Leading the Defence
September 2025 -
Fintech & Payments
Instant Payments to Exceed $110 Trillion by 2029 Globally, Accelerated by European Regulation & FedNow Impact
September 2025 -
Fintech & Payments
B2B Payments to Hit $224 Trillion by 2030 Globally, Driven by Emerging Market Expansion
September 2025