
Google Vice President of Privacy, Safety & Security has issued critical advice to all 1.8 billion email users

"We want to move beyond passwords altogether," says Evan Kotsovinos, Google Vice President of Privacy, Safety and Security
If you're one of the 1.8 billion people who rely on Gmail globally, you should take note of the latest security advice from Google. The Californian company is urging millions to ditch their passwords now.
Google's Vice President of Privacy, Safety & Security, Evan Kotsovinos, has penned a blog post that aims to "strongly encourage" the email service's 1.8 billion users to stop relying on passwords to secure their inbox.
"We want to move beyond passwords altogether, while keeping sign-ins as easy as possible, so we strongly encourage using modern methods like Sign in with Google and passkeys, which can be stored in and synced across your devices with Google Password Manager," the Google VP explained.
"Passkeys are phishing-resistant and can log you in simply with the method you use to unlock your device (like your fingerprint or face ID) — no password required. And when you pair the ease and safety of passkeys with your Google Account, you can then use Sign in with Google to log in to your favorite websites and apps — limiting the number of accounts you have to maintain."
It comes a few weeks after Microsoft ditched passwords in favour of passkeys as the default option to secure its online accounts for all new users — impacting millions of new Windows 11, Office 365, and Xbox users.
The stakes have never been higher for Gmail users. Statistics show that 60% of US email users have noticed an increase in scams over the past year, with one-third personally experiencing a data breach. And the really bad news? Your current password offers little protection against these common threats.
According to figures from the FBI, online scams raked in a record $16.6 billion last year — up 33% in one year — and are growing more sophisticated all of the time.
Although many believe passwords have served them well against these threats, Google insists this false sense of security is dangerous. Even the most secure passwords, with a random mixture of lowercase and uppercase characters, numbers, and symbols, can be cracked with enough time. Using words found in the dictionary will speed up this process for hackers.
Even if you've picked a strong alphanumeric password, there's always a chance that a breach at the online service itself exposes the password. This is why it's so important to avoid using the same username and password combination across multiple sites: once your details have been exposed in a single breach, hackers can use a technique known as credential stuffing to try them against your other accounts.
If cybercriminals gain access to your primary inbox, they can start resetting passwords for other online accounts to unlock access to shopping websites with saved payment methods, video streamers, bank accounts, and much more.
Google conducted research around the security practice of its users to highlight the importance of moving away from traditional passwords
If you really don't want to give up using passwords, enabling 2-Step Verification (2SV) is an essential step: it adds a second line of defense so that a password alone can't let a bad actor in.
With this enabled, after you've entered the correct email address and password, Google will send a notification to an Android handset, or to iPhone apps already signed into your Google Account, such as Google Photos, YouTube, or the Google app. You'll need to approve the sign-in from one of these before you're able to log in elsewhere.
What makes passkeys such a step up in security compared to passwords? For starters, there's nothing to remember, since your identity is verified by the fingerprint or facial recognition built into your phone, tablet, or laptop. That means you won't need to memorise a complex password with random letters, numbers, and symbols.
It also means there's no temptation to write down your password anywhere that hackers could find.
Unlike a password, the secret part of a passkey isn't stored with the service you sign in to, so there's nothing there for cybercriminals to steal.
Passkeys avoid some of the major pitfalls of a traditional password, since there's nothing to steal and nothing to memorise
Instead, the critical information is securely stored on your device, like a smartphone or computer, within a password manager, like the Google Password Manager built into Google Chrome, or the Passwords app preinstalled on every iPhone, iPad, or Mac.
When you rely on a passkey to log in, the service verifies your identity by communicating with the device or password manager that holds the passkey — and it's your device that vouches for you.
Speaking to Forbes, Chief Product Officer at 1Password, Steve Won said: "Every passkey is made up of two keys — a unique public key, which is created and stored on that company’s server, and a private key, which is stored on the user’s device."
The public key does not need to be kept secret: it is only useful for checking a sign-in that was produced with the matching private key, which is secret, stored securely on your device, and known only to you.
"Because of this," Steve Won continued, "passkeys are nearly impossible for hackers to guess or intercept because the keys are randomly generated and never shared during the sign-in process."
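The sign-in flow described above, as an added example (not code from Google, 1Password or the article): a simplified challenge-response in Node.js showing why a database holding only public keys, a replayed response and a look-alike site all fail. The function names, origins and message layout are assumptions for illustration; real passkeys use the WebAuthn format.

```javascript
// Added illustration: a simplified passkey-style sign-in, not the real WebAuthn wire format.
const crypto = require("node:crypto");

// Registration: the device creates a key pair; only the public key goes to the service.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, server: { publicKey } };
}

// Service side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString("hex");
}

// Device side: sign the challenge together with the origin the browser is really on.
function deviceSign(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Service side: check challenge, origin and signature using only the stored public key.
function serverVerify(server, expectedChallenge, expectedOrigin, response) {
  let data;
  try { data = JSON.parse(response.clientData); } catch { return "malformed"; }
  if (data.challenge !== expectedChallenge) return "stale-or-replayed";
  if (data.origin !== expectedOrigin) return "wrong-origin";
  const ok = crypto.verify("sha256", Buffer.from(response.clientData), server.publicKey, response.signature);
  return ok ? "ok" : "bad-signature";
}

function demo() {
  const site = "https://accounts.example";        // constructed origin
  const phish = "https://accounts-example.test";  // constructed look-alike origin
  const { device, server } = registerPasskey();
  const c1 = newChallenge();
  const genuine = serverVerify(server, c1, site, deviceSign(device, c1, site));
  // Response produced on a look-alike page: the signed origin does not match.
  const phished = serverVerify(server, c1, site, deviceSign(device, c1, phish));
  // An old response presented against a new challenge.
  const replayed = serverVerify(server, newChallenge(), site, deviceSign(device, c1, site));
  // Someone holding only the service's stored public key has no private key to sign with.
  const c2 = newChallenge();
  const forged = serverVerify(server, c2, site, deviceSign(registerPasskey().device, c2, site));
  return { genuine, phished, replayed, forged };
}

console.log(demo());
```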
Before creating your passkey, ensure you have the necessary equipment. You'll need a computer running Windows 10, macOS Ventura or ChromeOS 109 or later, plus a smartphone with iOS 16 or Android 9 or later.
Your phone must have Bluetooth and screen lock enabled. You'll also need the latest version of Chrome, Edge, Firefox or Safari. iOS and macOS users must enable iCloud Passwords and Keychain.
How to enable passkeys on Gmail
The three-step process is straightforward. First, access your Google Account settings and navigate to Security in the left-hand menu, then How You Sign In To Google > Passkeys. Next, click "create a passkey" and follow the prompts. Finally, verify your identity using fingerprint or facial recognition on your computer or smartphone.
And that's it — you've successfully replaced your vulnerable Gmail password with a secure passkey.
Gmail is one of the most popular email services on the planet, with over 1.8 billion account holders worldwide
Despite the clear security benefits of switching from passwords to passkeys, adoption of this system varies massively across age groups. Research by Google shows that over 60% of Gen X and Baby Boomers still rely on passwords as their primary sign-in method.
Although many are familiar with newer authentication methods like Sign in with Google, only about 30% use them daily, demonstrating a reluctance to abandon legacy systems.
In contrast, digitally-native Gen Z users are bypassing outdated security norms, gravitating towards passkeys and social sign-ins. This generational divide represents a critical vulnerability, as older users remain exposed to the very threats Google is warning against.
"Gen Z's embrace of these tools actually represents a big step forward for collective security," Kotsovinos noted, highlighting how younger users are leading the shift towards safer authentication methods.