Google’s Gmail security is changing.
While millions of Gmail passwords have not suddenly been leaked, despite many reports, Google warns compromised security credentials give hackers access to accounts. Its advice is clear — if you haven’t already, switch that account now.
For the second time in just a few weeks, Google has pushed back on reports (1,2) that suggested a massive new password leak. “Reports of ‘Gmail security breach affecting millions of users’ are false. Gmail’s defenses are strong and users remain protected.”
But just because the hack isn’t new doesn’t mean it isn’t dangerous. Google says users should “reset passwords when in large batches like this.” In fact, don’t wait for a breach to occur. While regularly changing passwords is no longer considered best practice, making sure passwords are strong and definitely unique is.
But passwords will always be vulnerable to leakage or theft. “Attackers are stepping up their phishing and credential theft methods, which drive 37% of successful attacks,” Google said, warning of “an exponential increase in cookie and authentication token theft as the preferred method for attackers, with an 84% increase in infostealers.”
That’s why Google tells users that “adopting passkeys as a stronger and more secure alternative to passwords” stops account password breaches.
And on that note, with these latest “Gmail security breach” headlines continuing to swirl, there was some quieter, better news for Google and its billions of Gmail account holders.
“Google mandates half of passkey authentication activity,” Dashlane confirmed in its latest passkey adoption report. “A scale so dominant that including it in our top 20 would alter the competitive landscape for other services.” According to the password manager, “Google’s sheer volume is less than that of other platforms.”
This, it says, stemmed from “a defining product decision: In October 2023, Google made passkeys the default sign-in option for personal Google Accounts. This move effectively exposed hundreds of millions of users to password-less authentication, creating the largest real-world deployment of passkeys to date.”
The result: “Google passkey authentications have increased by 352% in the past year.”
Unlike Microsoft, Google does not yet support the complete deletion of passwords. However, it says defaulting to passkeys means users can create complex passwords and multi-factor authentication options that don’t have to be as convenient as SMS.
So while adopting passkeys is the solution, it only works if you stop using your password — even if a password remains on the account (with MFA) as a backup.
“Google’s approach demonstrates the power of defaults,” says Dashlane. “By making passkeys the path of least resistance instead of a security option, Google has turned passkey adoption from a trickle into a flood.”
