Government Approves Option to Skip SMS Verification for Password Changes on "Gosulyuzh" Platform
Russian Authorities Crack Down on SMS Code Fraud
In a move aimed at combating cyber fraud, any code sent via SMS is now deemed malicious, as confirmed by the minister during a meeting of the State Duma's Information Policy Committee. This statement was reported by RIA Novosti.
Speaking on the issue, Maksut Shadaev, a government representative, urged citizens to switch from SMS codes for password changes to more secure alternatives like biometrics, bank apps, or trusted third-party apps. Password changes on the "Gosuslugi" portal can also be made at Multi-Function Centers (MFCs), according to the Ministry of Digital Development.
The ministry's press service revealed that this shift away from SMS codes is part of a broader anti-fraud initiative. On April 1, 2025, President Vladimir Putin signed a law to protect Russians from online fraud, which also affects the "Gosuslugi" portal. When changing their password, users will receive two messages: a warning and a confirmation code, as stipulated by the law.
If fraud is suspected, access to financial information will be restricted for three days, and authorization on microfinance sites as well as activation of the "Goskluch" mobile app will be prohibited.
While specific alternative methods recommended by the Russian Ministry of Digital Development for combating fraud beyond SMS codes could not be identified in the available information, it's worth noting that Multi-Factor Authentication (MFA), biometric authentication, hardware tokens, U2F keys, and smart cards are commonly used alternatives to enhance security.
These methods, such as passkeys, authenticator apps, face recognition, fingerprint recognition, hardware tokens, U2F keys, and smart cards, are designed to provide stronger security against fraud by using cryptographic keys, time-based one-time passwords, facial features, fingerprint scanning, physical devices, small USB devices, physical cards with embedded microprocessors, and other advanced technologies for authentication. However, the Ministry of Digital Development's specific recommendations for password change verification methods were not provided in the available information.
- In light of the recent crackdown on SMS code fraud by Russian authorities, there is a growing need for alternative methods in cybersecurity, such as biometrics, bank apps, or trusted third-party apps, as suggested by Maksut Shadaev, a government representative.
- As part of the broader anti-fraud initiative in Russia, the move to abandon SMS codes for password changes is being advocated, with other technology-based solutions like Multi-Factor Authentication (MFA), biometric authentication, hardware tokens, U2F keys, and smart cards being potential options towards enhanced security.
