Google has warned its more than 2.5 billion active Gmail users to change their passwords immediately. The company announced that cyberattackers have recently increased their use of phishing and credential theft methods, and that these attacks account for 37 percent of successful cyber breaches.
Gmail accounts are at significant risk
According to information from Google, attackers are deceiving users not only with spoofed emails but also by phone, posing as Google Support. Many people are reportedly scammed using this method. The company emphasizes that even two-factor authentication (2FA) alone is not sufficient, and in some cases, attackers can even obtain 2FA codes.

Research reveals that 64 percent of users do not change their passwords regularly, and Google states that this poses a major security vulnerability. Users who haven’t changed their passwords this year should do so immediately. However, simply changing their Gmail password isn’t enough. Google recommends using authentication apps that generate one-time codes for 2FA instead of SMS.
Users are also advised to be careful when choosing a password manager. Google states that standalone password manager apps are more secure than the password managers built into browsers like Chrome.
Another key recommendation from the company is the use of passkeys. Passkeys, which are unlocked with a fingerprint, facial recognition, or a device unlock PIN, are much more resistant to phishing attacks. Only 34 percent of consumers in the US use passkeys. Google reminds users that if a device that supports passkeys still asks for a password on the login screen, it’s a serious warning sign.
Finally, Google emphasizes that users should sign in directly through the official app or website, not through links sent via email or text.