Gmail registration now requires scanning a QR code and sending a text message
negura
587 points
441 comments
May 11, 2026
Related Discussions
Found 5 related stories in 86.0ms across 8,303 title embeddings via pgvector HNSW
- Mexico Mandates Biometric SIM Registration for All Phone Numbers mikece · 18 pts · March 02, 2026 · 49% similar
- Mexico Mandates Biometric SIM Registration for All Phone Numbers latein · 33 pts · March 04, 2026 · 49% similar
- Google broke reCAPTCHA for de-googled Android users anonymousiam · 852 pts · May 08, 2026 · 49% similar
- Google tests 5 GB cap for users who skip phone numbers jnord · 11 pts · May 15, 2026 · 49% similar
- Google Now Lets You Change Your Gmail Address dctoedt · 13 pts · March 31, 2026 · 48% similar
Discussion Highlights (20 comments)
findbizonline
When did it start?
8cvor6j844qw_d6
Recently helped a small business set up a Google Workspace account and we hit a wall during registration. Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
dvh
Any Gmail person can tell me why Gmail is tolerating Gmail phishing emails that use Google's own services (e.g. https://storage.googleapis.com/savelinge/ ... ? More info here: https://news.ycombinator.com/item?id=46665414
opengrass
I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.
reconnecting
Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails. The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
spwa4
The real problem for privacy is that governments are increasingly outsourcing the verification of identity and bot protection to private companies.
CWwdcdk7h
Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.
dsr_
... and gives me a message on my primary phone: "This number has been used too many times."
Aurornis
> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number. Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message? EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send. This is just the old phone number verification with a QR code convenience method.
jmyeet
Everything is going to get so much worse and AI really is to blame. So many websites now have these verification pauses and CAPTCHs because of AI agents. Part of it is agents. Part of it is everyone running their own awful versions of Googlebot. Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had. I don't see how this ends without registering for a service like Gmail being tied to your government ID.
DivingForGold
Won't be registering any new gmail accounts in the future and will gladly dump the ones I have if Google tries to force obtaining my phone no.
xchip
I also receive too much spam, I'll believe in their AI whenever they are able to fix spam.
arjie
I went through it to register just now. No QR code required. Same flow as it has been for years: 1. Personal/Child/Business 2. First/Last 3. Pick email 4. Date of Birth 5. Backup email / Skip 6. Password 7. Enter phone number 8. Confirm with 2FA code 9. Done. I just made the email testregistrationflow@gmail.com and have since forgotten the password. So that’s one burned. But feel free to try testregistrationflow1@gmail.com and see if it works without a QR code. The headline is clearly a misstatement of what is a specific flow for someone to make many Gmail accounts programmatically.
mikestew
Is this the reCAPTCHA crap I just ran into minutes ago? It’s the Cloudflare “verify your humanity” thing, and the checkbox isn’t good enough, so now there is a “mobile verification, the support page for which (that I briefly skimmed) talks about scanning a QR code. (EDIT: TFA didn’t clear it up for me, but it sounds similar.)
everdrive
Thanks for the update. I've been meaning to fully move away from gmail. It's clear that now is the time.
Imustaskforhelp
Yes I had the same issue and wrote an hackernews comment[0] and was gonna write a blog post but laziness (but I am glad that privacyguides wrote an article!) I also want to share a comment that someone (Velocifyer) added on my comment: "If you make a blog post, make sure to also comment on how the audio reCAPTCHAs are nearly impossible and are blocked on public VPNs. The visual reCAPTCHAS have vauge instructions (they say “Select all squares with busses.” when they mean “Select all squares that have a bus or part of a bus and do not select any other squares.”. For 2 years I could not figure that out so I had to use the audio captchas but then Google blocked them on public VPNs and also made them almost impossible. I could only figure that out when Google Gemini clarified it for me." Also another fact that I had discovered but to upload youtube vidoes more than 15 minutes you have to do this verification with sms and I found that its system of sending sms was quite finnicky and (too much limits is actually just one try) Google and other tech giants's recent changes/lobbying are really impacting the open internet and it feels to me like we as people who have knowledge about these topics must do something to reform things as I simply cannot ask people who are technically unaware about these topics to fight for these changes unless we advocate and educate them about it Most people just have simply way too much of other issues to fight for these things that they have almost taken for granted, but this to me means that the responsibility is on us people who are technically sound to fight against the attacks on open internet if we wish to preserve it. I think my point is that we all might be waiting for other people to protest against these tech giants but I think that the world is looking at us people for such protests, Let's hope that we are able to educate more people and the open internet is preserved. Our small steps might mean a lot in the future and so to not be dis-illusioned to make small steps thinking that they might be too small but we have to fight tech giants if we wish to preserve open internet. Every step is meaningful no matter how small [0]: https://news.ycombinator.com/item?id=48042596
vachina
Google is trying to retain the value of their userbase, because many third party services use Gmail auth as a signal for low fraud risk.
tamimio
This is not new, back I think in Feb when I registered a new one, it did ask to send an SMS instead
oldherl
Wechat (Weixin; 微信) from Tencent has been doing this for years. Now Google is becoming the new Tencent and the US is becoming the new China
Retr0id
fwiw I was able to set up a fresh google account without SMS via a used android device (with no SIM installed), 2 days ago. But I suppose on balance, having a second device is more onerous than having a second SIM.