Google has confirmed that 61% of email users have been targeted by attacks, and text messaging users are even more vulnerable. The situation is alarming, with over 60% of U.S. users experiencing an increase in scams over the past year, and half having personally experienced a data breach. However, most users continue to rely on outdated security methods like passwords and two-factor authentication (2FA).
The problem lies in passwords, which are not only painful to maintain but also more prone to phishing and often leaked through data breaches. Google warns that passwords should be upgraded to passkeys, which offer phishing-resistant and secure logins using devices such as smartphones.
Passkeys link to hardware, making a phone or device a digital key for all critical accounts. This reduces the need for multiple accounts and minimizes security risks. The FIDO Alliance and Check Point concur that passkeys are the answer to reducing attacks from cybercriminals like phishing, credential stuffing, and other remote attacks.
To stay safe, users should avoid using passwords on unknown websites or in suspicious messages. Researching websites before proceeding with account creation or entering credentials can help identify potential phishing attacks. Google is pushing for passkey adoption across its account ecosystem, emphasizing protection across all services.
Microsoft has taken a step further by blocking 7,000 attacks on passwords per second and increasing adversary-in-the-middle phishing attacks by 146% year over year. While this may not be directly applicable to Google accounts, it highlights the urgent need to upgrade security methods. Google advises users to make changes today and accelerate an upgrade to their own account now.
Source: https://www.forbes.com/sites/zakdoffman/2025/06/08/google-confirms-almost-all-gmail-users-must-upgrade-accounts