Upgrade Your Gmail Account Now: Google Alerts of Potential Security Risk
Update: Version 5.4, May 4 - Developments Affecting Gmail Users and the Future of Passkeys
It's time to bolster your email security swiftly. Google has confirmed a fresh wave of cyberattacks targeting Gmail accounts, urging users to take immediate action. To help you tackle this issue like a pro, here's a simple yet crucial guide on how to beef up your account's defense.
Recent attacks have mimicked Google's support services to deceive users, highlighting the importance of vigilance. According to Check Point, Google ranks second only to Microsoft as the most imitated company in phishing attacks. As we venture through 2025, organizations and users alike must remain vigilant against these evolving cyber threats.
Now, here's Google's advice: they will never contact users to discuss account security. So, remember, Google won't ring you up about changing passwords or fixing account issues.
Next up, strengthening account protection. Passkeys offer the toughest line of defense. Once you create a passkey, it'll work Just Like Magic 🪄 across your Google Account (and compatible third-party apps) and devices. You can also verify your identity when making sensitive changes.
Per FIDO Alliance, a passkey is a secret secured on your devices and unlocked via biometrics, PIN, pattern, or other authentication methods. Unlike passwords, passkeys are impervious to phishing attempts, always robust, and designed to hold no shared secrets.拥有 Passkeys 简化了账户注册,可在所有设备上轻松操作,甚至在同一 distances 内的同步设备上使用。
Unlike Microsoft, which advises users to delete passwords as a possible account vulnerability, Google keeps passwords and two-factor authentication as a fallback. But when setting up your passkey, ensure your password is updated, and enable 2FA through either an authentication app or trusted device login. Avoid using SMS.
Google aspires to eliminate passwords entirely, but according to a "Techspert," this won't occur overnight. "Sound the trumpets," he says, "passkeys will replace passwords. The vision for passkeys extends beyond replacing passwords, aims to eliminate all the makeshift solutions designed to compensate for password vulnerabilities."
This push for security is highly relevant now, as AI attacks become tougher to detect, and the FBI has recently cautioned about the escalating threat. "[AI attacks] are no longer speculative—they're here, and advancing rapidly," says Check Point. So, shoring up your Gmail and other accounts immediately is essential.
On World Password Day (May 1), Google published a crucial update. While you might have missed the celebration itself, the message is clear: Upgrade to Passkeys now. Brush off the tales of the world's worst passwords and focus on adopting Passkeys to stay secure and trendy.
The FIDO Alliance is driving the adoption of passkeys and has reported an accelerating trend. "The formation and development of World Passkey Day," says CEO Andrew Shikiar, "reflects the growing momentum as organizations adopt the call to abandon legacy authentication methods, such as passwords, in favor of passkeys."
For a step-by-step guide on setting up your Google/Gmail passkey, head here.
In the past, I've suggested Google should follow Microsoft's lead and make passkeys the default setting, without even keeping passwords on standby. Microsoft has stirred up headlines recently by confirming its new default setting and advising users to eliminate passwords from their accounts.
Microsoft warns, "[The number of] password-based cyberattacks has skyrocketed. Cybercriminals are aware that the password era is waning, and the pool of vulnerable accounts is gradually shrinking. To counteract this, these cybercrims are putting significant resources into automating brute-force and phishing attacks against any remaining password-protected accounts."
However, it's not all black and white. Ars Technica points out that Microsoft's announcement omits one crucial detail: even after users create a passkey, they can't ditch passwords until they install the Microsoft Authenticator app on their device. That's a small inconvenience, but it undercuts the whole "passwordless by default" marketing message.
Microsoft's troubles don't end there—an AI model misidentified emails from Gmail accounts as spam in Microsoft Outlook. Now that it's been fixed, Microsoft says, "We're continuing to investigate opportunities to improve our AI detection process and reduce false positives." In the meantime, the main message for Gmail users remains: Upgrade with a passkey, make other changes, and stay safe.
- In response to the growing risk of Gmail attacks, Google advises users to beware of any warning messages that claim to be from Google, as the company will never contact users about account security issues.
- To enhance account security, Google suggests adopting passkeys, a more secure alternative to traditional passwords. Passkeys, which can be unlocked via biometrics, PIN, pattern, or other authentication methods, work across multiple devices and are resistant to phishing attempts.
- While Google initially keeps passwords and two-factor authentication as a fallback, it is recommended to update your password and enable 2FA when setting up a passkey, and avoid using SMS for 2FA.
- It's crucial to stay vigilant as AI attacks become increasingly difficult to detect, and cyber threats continue to evolve. Organizations like FIDO Alliance are pushing for the widespread adoption of passkeys to replace passwords, aiming to eliminate all makeshift solutions designed to compensate for password vulnerabilities.