Eliana Willis

When it comes to creating strong, secure passwords, the best course of action is to use a password generator, which is much better than humans are at randomizing characters into long (16 or more) and hard-to-crack credentials. Thankfully, there are numerous tools available. Also: The best password managersWhat is the best password generator right now?At ZDNET, we’ve tested a long list of password generators to find the top tools for creating strong (random) passwords to secure your digital accounts. The best password generator is the one you’ll actually use — and if you have a password manager, the simplest and most seamless way to create and save strong passwords is to use the built-in generator. That said, NordPass More

ZDNETGoogle is aiming to dump SMS as a two-factor authentication method for Gmail and switch to a more secure approach using QR codes. Reducing SMS abuse In an email conversation with Forbes published in a story on Sunday, Gmail spokesperson Ross Richendrfer described this upcoming change. Instead of entering your number and getting a six-digit code via SMS, you’ll see a QR code that you scan with your phone’s camera. Richendrfer said Google is making this switch to “reduce the impact of rampant, global SMS abuse.” In an email to ZDNET, Richendrfer provided more details. Also: Gmail just made it easier to pay your bills — here’s howUsing two-factor authentication with your online accounts is highly recommended as a way to verify your identity and guard against suspicious or malicious logins. But some forms of 2FA are better than others. A common method is to receive a confirmation code via an SMS text message. However, that type of unencrypted communication can be exploited by cybercriminals. Why QR codes? If you’re wondering why QR codes, Richendrfer and Google security communications manager Kimberly Samra zeroed in on the vulnerabilities of SMS authentication. A scammer can spoof such a message to trick you into sharing the correct verification code. You may not always have access to the device in which you receive the code. And through SIM swapping, a mobile carrier can be fooled into transferring the victim’s phone number, allowing the scammer to receive SMS texts, thus negating the security value of the authentication. That’s why a dedicated authenticator app, such as Microsoft Authentication or Google Authenticator, is a more foolproof alternative. Physical security keys also are much more secure than SMS. But those methods can take time to set up, which is likely why Google is opting for a simpler but still stronger approach of QR codes. Also: How to turn on Private DNS Mode on Android — and why it matters for privacyCurrently, Google uses SMS verification for two purposes — security and abuse control, Richendrfer told Forbes and ZDNET. The first purpose is to ensure that the company is dealing with the same user as in previous interactions. The second is to ensure that scammers aren’t abusing Google’s services. One example of the latter occurs when cybercriminals create Google accounts to send out spam and malware. Another trick used by scammers is something called traffic pumping, also known as “artificial traffic inflation” or “toll fraud.” Popping up over the past two to three years, “it’s where fraudsters try to get online service providers to originate large numbers of SMS messages to numbers they control, thereby getting paid every time one of these messages is delivered,” according to Richendrfer. More