Google Pushes Gmail Users Toward Passkeys: “Change Your Password Now”

Amid escalating cyber threats and rising instances of two-factor authentication (2FA) bypass attacks, Google is urging Gmail users to embrace passkeys—an emerging login technology that replaces passwords and 2FA with more robust account security. While this shift has been hailed as “the beginning of the end of the password,” Google’s approach highlights a transitional phase in which passwords remain, for now, a fallback option on devices that don’t yet support passkeys.

“We’re at a critical juncture where AI-fueled attacks and 2FA code theft make traditional passwords a prime vulnerability,” a Google spokesperson said. “Passkeys provide a fundamentally stronger layer of security, so users should adopt them as soon as possible.”

Passkeys vs. Passwords

Microsoft has already announced plans to steer its billion-plus users toward passkeys, advising that leaving passwords active undermines the full benefit of the new technology. While Google has not yet mandated a wholesale shift, its recommendation to use passkeys and keep passwords as a rarely used backup signals a future where traditional login credentials could be phased out altogether.

Security experts warn that relying on passwords and standard 2FA, especially SMS-based codes, is increasingly risky. Attackers have found ways to intercept text messages and clone mobile numbers, compromising even strong password-and-2FA setups. Passkeys aim to close this loophole by eliminating the reliance on text-based codes altogether.

What Gmail Users Need to Do

1. Set Up a Passkey: Google recommends that users enable passkeys on all compatible devices. Once created, passkeys allow for quicker and safer sign-ins, eliminating the need to enter or store traditional passwords.
2. Update Your Password: If you choose to keep a password as a fallback, Google advises selecting a long, unique string—something you won’t need to enter frequently.
3. Strengthen 2FA: Should you still require two-factor authentication, security experts suggest moving away from SMS-based verification in favor of app-based or hardware-key options.
4. Monitor Logins: Because passwords remain an option on devices that don’t yet support passkeys, Google encourages users to keep an eye on any fallback sign-ins and immediately report suspicious activity.

Beyond Passwords and 2FA

Security analysts say the real game-changer lies in widespread adoption of passkeys across major platforms. While Google and Microsoft are driving this evolution, they also face the challenge of persuading users to break long-ingrained habits. Industry watchers predict that incentives—such as easier logins—and clear warnings about the perils of sticking with older methods will eventually drive mass adoption.

“We need to see a more forceful push, including deadlines and incentives,” one cybersecurity researcher noted. “2FA is a good fallback, but it’s time to move beyond half-measures. Passkeys are the future.”

Google has also hinted at further security innovations, such as “shielded email addresses” that reduce the risk of scams and transparent on-device threat detection. For now, however, the focus remains on getting users to switch to passkeys—and lock down those aging passwords.

Bottom Line: If you haven’t already, set up a passkey for Gmail. Then change your password to something extremely long and unique—after all, you won’t need to use it much—and choose the most secure 2FA method available. It’s a small step with big benefits for safeguarding your digital life.

Photo Credit: DepositPhotos.com