A major security update is rolling out for Gmail users. If you haven’t changed your password or turned on two-step verification yet, do not delay any further. As reported by The Daily Mail, Google has begun alerting Gmail users to secure their accounts as part of a larger push to protect against phishing attacks and rising online threats.
Besides, the company is giving users just 15 to 30 days to enable 2-step verification (2SV), or they risk losing access to their accounts. With reports of over 16 billion passwords leaked across platforms like Google, Apple, and Facebook, this is a serious wake-up call.
How to secure your Gmail account
Step 1: Change your Gmail account password right now
If you’re still using an old password to sign into your Gmail, it might be time for a serious security upgrade. Google strongly advises users to stop relying on old, reused or weak passwords. A strong, unique password is your first line of defence against unauthorised access.
Even if your account hasn’t been compromised yet, security experts warn that it’s only a matter of time considering today’s threat landscape. Updating your Gmail password now is a crucial first step.
Step 2: Turn on two-step verification (2SV)
Still relying on just a password to protect your Gmail account? That’s no longer enough. Google is now making 2-step verification (2SV) mandatory for many users. While Google’s AI already blocks most suspicious emails, adding 2SV gives users an extra layer of protection in case harmful messages slip through.
As phishing attacks become more sophisticated, passwords alone are too easy for hackers to crack, especially if they’ve been leaked in past breaches. With 2SV enabled, even if someone steals your password, they won’t be able to access your account without the second layer of security. This could be a unique code sent to your phone, a prompt in the Google app or a physical security key.
How to enable 2SV:
- Visit Security Settings on your Google account.
- Scroll to “Signing in to Google” and click on 2-Step Verification
- Choose your preferred method: text message, authenticator app or security key
- Double-check your backup phone number and recovery email
Step 3: Replace your Google password with a Passkey
According to Forbes, Google’s VP of privacy, Evan Kotsovinos, is urging users to use passkeys, a next-gen, passwordless login system that’s far more secure and easier to use. A passkey uses your fingerprint, face recognition or device PIN, combined with a private digital key that stays only on your device.
Unlike passwords, passkeys are resistant to phishing and can’t be reused, making them virtually impossible to hack or intercept.
Even if someone gets your old password, they won’t be able to break into your account without the unique passkey on your trusted device. And in case your device is lost or stolen, you can easily recover your passkey from another device linked to your Google account, without losing access
How to create a passkey:
- Go to Security Settings on your Google account
- Under “How you sign in to Google,” select Passkeys
- Click Create a passkey
- Follow the on-screen prompts to verify using your device’s biometric authentication (like fingerprint or face ID)
