Google has confirmed another security alert, this time targeting Gmail users. The company’s infrastructure was exploited, compromising user accounts, and prompting a warning for all users to upgrade their accounts – now considered essential.
A recent survey by Google found that only 60% of US consumers use strong, unique passwords, while less than 50% enable two-factor authentication (2FA). This is despite Google’s push to replace passwords with passkeys, which offer improved security. Passkeys link account security to hardware security, eliminating the need for passwords and 2FA codes.
The latest Gmail attack highlighted the risks of sharing 2FA codes, even if they can’t be stolen. Google emphasizes that adding a passkey to a Google account protects all services and accounts accessed by that sign-in, while not doing so leaves them vulnerable.
Google’s advice is to change passwords immediately, followed by using passkeys wherever possible. This modern passwordless method of logging into accounts is already supported by Google, iCloud, Microsoft, Meta, and others. By pairing ease and safety with passkeys, users can limit the number of accounts they need to maintain and enhance their overall security.
Source: https://www.forbes.com/sites/zakdoffman/2025/06/21/google-confirms-most-users-must-upgrade-gmail-and-other-accounts