The Ministry of Digital Development has announced that it will gradually abandon confirming logins to the "Gosuslugi" portal via SMS. The decision is related to the increasing number of fraud cases where users inadvertently transmit SMS codes to attackers.
As clarified by the department, for now, the changes will only affect logins to the portal via mobile devices. To confirm their identity during authorization, users will be offered alternative methods: a one-time code in the Max messenger, a code from a special application, or biometric authentication. The use of SMS will only be retained for users of the desktop version of the site.
The Ministry of Digital Development notes that the option of receiving a code via the Max messenger provides additional protection against social engineering. Before sending the code, the chatbot asks the user several questions that allow identifying a possible fraudster. If the answers are suspicious, the code is not sent, and the user receives a warning about the threat.
Other methods of confirming login, such as generating one-time codes in a secure application or logging in via biometrics, can be selected in the "Security" section of the user's profile. At the same time, the login, password, and second factor of protection are not entered at each login — the session in the "Gosuslugi" mobile application is valid for six months.
Earlier, messages appeared in Telegram channels that some users are prompted to install the Max messenger to receive an authorization code when logging into "Gosuslugi". At the same time, there is no way to skip this authorization method.
