On June 8, 2025, Google issued an urgent warning for Gmail users to abandon passwords and two-factor authentication (2FA) in favour of passkeys and social sign-ins, such as “Sign in with Google.” Citing a surge in AI-driven cyberattacks, the tech giant aims to bolster account security amid rising phishing threats.
Google reports that 61% of email users have faced hacking attempts due to weak passwords. “Passwords are painful to maintain,” the company stated, noting their vulnerability to phishing and data breaches. AI-powered scams, which mimic legitimate communications, have intensified these risks.
Passkeys, a phishing-resistant login system, uses biometric authentication via trusted devices, like fingerprints or facial scans. This method simplifies logins while enhancing security. Google also promotes social sign-ins, leveraging authenticated platforms for seamless, secure access.
The warning follows a near-miss for Instagram head Adam Mosseri, who shared on Threads that he nearly fell for a sophisticated phishing scam. A caller from a U.S. number (818-538-7922), posing as a Google representative, used a convincing email from a “secure Google domain” to trick him into changing his password. Mosseri avoided the scam thanks to prior awareness from a friend’s similar experience.
This incident underscores the growing sophistication of cyberattacks, even targeting tech leaders. Google’s push for passkeys aims to protect users from such schemes.
Younger users, particularly Gen Z, embrace passkeys and social sign-ins, while older generations rely on passwords. Google encourages all users to adopt passkeys, which are now supported across major platforms like Gmail, YouTube, and Google Workspace.
To stay safe, Google advises enabling passkeys in account settings, avoiding suspicious calls or emails, and verifying login prompts.
