Two-Factor Authentication and Passkeys Key to Securing Accounts

Google has confirmed that hackers are gaining access to Gmail accounts due to compromised passwords, prompting the tech giant to warn users to change their passwords to secure their accounts. The warning comes as part of a series of hacks and warnings that have left all 2.5 billion Gmail users at risk.

According to Google, most account holders need to upgrade the security on their accounts by using a form of two-factor authentication that’s not SMS, and adding a passkey to their accounts. However, most users do not yet have passkeys on their accounts and still rely on passwords, making them vulnerable to fake sign-in pages that steal their passwords.

Recent attacks on Amazon and PayPal have highlighted the importance of setting strong passwords and using unique passwords across multiple accounts. Google confirms that only 36% of users “regularly update passwords,” meaning most users need to update their passwords now and do so regularly.

To secure their accounts, users are advised to use a standalone password manager to choose and save a new password, change their 2FA to an authenticator app, and add a passkey if they don’t have one. Users should also stick rigidly to the use of their passkey and never sign-in via a link, even if it seems to come from Google.

This latest warning from Google follows a series of hacks and warnings that have left users at risk, including the hacking of Google’s own Salesforce database and scammers pretending to be Google support staff. The tech giant has warned that the attacks lead to fake sign-in pages that steal users’ passwords and sometimes add an additional step to trick users into sharing a 2FA code or bypassing the need for that code completely.

The Risks of Password-Only Authentication

Using passwords as the primary form of authentication is no longer sufficient, as hackers have become increasingly sophisticated in their methods. According to Google, compromised passwords are behind a significant number of “successful intrusions,” making it essential for users to adopt more secure authentication methods.

The Benefits of Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to the login process, making it much harder for hackers to gain access to accounts. Google recommends using an authenticator app, such as Google Authenticator or Authy, to generate a one-time code that must be entered along with the password.

The Benefits of Passkeys

Passkeys are a type of authentication that uses a physical device, such as a USB key or a smartphone, to generate a unique code that must be entered along with the password. Passkeys are more secure than passwords and 2FA, as they are not susceptible to phishing attacks and cannot be hacked.

What Users Can Do to Secure Their Accounts

To secure their accounts, users should:
Update their passwords regularly
Use a standalone password manager to choose and save strong passwords
Change their 2FA to an authenticator app
Add a passkey to their accounts
Stick rigidly to the use of their passkey
Never sign-in via a link, even if it seems to come from Google

By taking these steps, users can significantly reduce the risk of their accounts being compromised and ensure the security of their personal data.