Why you need to change your account today<\/p>\n
NurPhoto via Getty Images<\/p>\n
Update: Republished on May 2 with more security fallout as Microsoft deletes passwords by default and Google and others are urged to do the same. <\/p>\n
Google has confirmed the latest warnings \u2014 that Gmail accounts are under attack<\/a>, and has issued some simple, critical advice. But it\u2019s difficult for users to dive beneath all the headlines to work out exactly what they should do. To start with, you must upgrade your email account to keep it safe from attackers. Here\u2019s what to do and why today.<\/p>\n The latest attacks follow recent patterns, mimicking Google\u2019s own support to trick users into giving up credentials. According to Check Point<\/a>, Google is second only to Microsoft in its likelihood to be aped in an attack. \u201cAs we progress through 2025,\u201d Check Point says, \u201corganizations and users must stay alert to the evolving threat of phishing attacks.\u201d<\/p>\n ForbesMicrosoft\u2019s Free Upgrade Offer Hits New High\u2014Check Your Windows PC NowBy Zak Doffman<\/a><\/p>\n Google\u2019s first piece of advice follows on from that warning \u2014 it will never contact users to discuss to account security. \u201cReiterate to your readers,\u201d the company tells me, \u201cthat Google will not call you to reset your password or troubleshoot account issues.\u201d<\/p>\n The second piece of advice is to upgrade your account security. \u201cPasskeys provide the strongest protection<\/a>,\u201d Google says. \u201cOnce you create a passkey, you can use it to easily sign in to your Google Account, as well as some third-party apps or services. You can also use that passkey to verify it\u2019s you when you make sensitive changes.\u201d<\/p>\n Unlike Microsoft, which pushes users to delete passwords<\/a> as an account vulnerability if kept alongside passkeys, Google is keeping passwords and two-factor authentication as a backup. But when you set up your passkey, you should change your password and ensure that 2FA is device linked, either through an authentication app or a trusted device login. Do not use SMS.<\/p>\n ForbesGoogle\u2019s Update Decision\u2014Bad News For 50% Of Android UsersBy Zak Doffman<\/a><\/p>\n The is especially critical with the rise in AI attacks that are harder to detect and defend, as the FBI has just warned<\/a>. You\u2019re less likely to see them coming and so you should do all you can to make it impossible for an attack to hit its mark. And per Check Point, \u201cAI threats are no longer theoretical \u2014 they\u2019re here and evolving rapidly.\u201d<\/p>\n So, why today? May 1 was World Password Day, and even if you missed the over-hyped day itself, you should act now. Ignore the worst passwords in the world stories, and focus on the key message. It\u2019s time to shift to Passkeys, so much so that Microsoft and others are dubbing this year security jamboree World Passkey Day. It\u2019s a timely reminder to upgrade your Gmail and other accounts before it\u2019s too late.<\/p>\n The FIDO Alliance<\/a> is charged with pushing passkeys, and its latest research shows adoption is accelerating. \u201cThe establishment and growth of World Passkey Day,\u201d its CEO Andrew Shikiar said today, \u201creflects the fact that organizations of all shapes and sizes are taking action upon the imperative to move away from relying on passwords and other legacy authentication methods that have led to decades of data breaches, account takeovers and user frustration.\u201d<\/p>\n You can find details on setting up your Google\/Gmail passkey here.<\/a><\/p>\n I have suggested before that Google should follow Microsoft\u2019s lead and go passwordless by default, not even keeping them around as a back-up. The Windows-maker has generated a raft of headlines this time around by confirming its new default<\/a> and that users should be deleting passwords from their accounts.<\/p>\n ForbesMicrosoft Warns All Windows Users\u2014Delete Your PasswordBy Zak Doffman<\/a><\/p>\n