If you’re a Gmail user it’s time to implement these critical security steps

Gmail users should be paying attention to two security upgrades they can – and should – be making to their accounts in order to protect themselves.

According to The Daily Mail, Google will soon require Gmail users to activate 2-step verification (2SV) and has already begun sending out emails to alert users that haven't done so yet to take action. Those who still need to enable the feature have been given a deadline between 15 and 30 days. After that time, they could potentially lose access to their accounts.

It’s one of a few security measures the search giant is taking as part of an update to curtail the flood of (very) realistic-looking phishing and spam emails that have been on the rise lately. Though Google has AI filters that will remove most of these unwanted emails, requiring users to enable 2SV is another step to protect them and their accounts from the threats that do manage to get through.

However, according to Forbes, Google’s VP of privacy Evan Kotsovinos says another good step to make your account even more secure is to replace your password entirely. The logic behind this recommendation is that passwords are difficult to maintain and easy to crack, which is why so many people rely on one of the best password managers to generate and securely store them instead.

Kotsovinos' recommendation is to trade your password in for a passkey, which involves using your biometric information like your fingerprint or facial recognition alongside a trusted device like your smartphone.

Steve Won from 1Password told Forbes that passkeys are preferable because each is made up of two components: a unique public key created and stored on the company’s server, and a private key stored on the user’s device. “As with all dual systems, the public key is used to create a challenge that can then only be solved if you have access to the private key which is secret and known only to you. Because of this, passkeys are nearly impossible for hackers to guess or intercept because the keys are randomly generated and never shared during the sign in process.”

That means passkeys cannot be guessed or compromised through weak credentials, cannot be stolen in a data breach, and cannot be broken by a brute-force attack or picked apart during password spraying. Additionally, because a passkey is tied to your account and not your devices, you can still access your account and recover your passkey on another device by signing in if your phone is lost or stolen.
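
The challenge-response exchange Won describes, as an added sketch that is not from the article, Google or 1Password: the server stores only a public key and a one-time challenge, so a leaked server record or a replayed response does not produce a valid sign-in. Assumptions: Ed25519 as the signature scheme, and the `Device` and `Server` types and the sample account are constructed for illustration; real passkey sign-ins (WebAuthn) also bind the website origin into the signed data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device is a hypothetical authenticator; the private key never leaves it, only signatures do.
type Device struct{ priv ed25519.PrivateKey }

// NewDevice creates a key pair and returns the public half for registration.
func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{priv}, pub, err
}

func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// Server is a hypothetical service: it holds public keys and open challenges only.
type Server struct{ keys, open map[string][]byte }
func NewServer() *Server { return &Server{map[string][]byte{}, map[string][]byte{}} }
func (s *Server) Register(acct string, pub ed25519.PublicKey) { s.keys[acct] = pub }

// Challenge issues a fresh random value for the device to sign.
func (s *Server) Challenge(acct string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // no entropy available: fail closed
	}
	s.open[acct] = c
	return c
}

// Verify checks the response against the stored public key, once per challenge.
func (s *Server) Verify(acct string, sig []byte) bool {
	c, issued := s.open[acct]
	delete(s.open, acct) // single use: a captured response cannot be replayed
	pub := s.keys[acct]
	return issued && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, c, sig)
}

func main() {
	srv, acct := NewServer(), "user@example.com" // constructed sample account
	if dev, pub, err := NewDevice(); err == nil {
		srv.Register(acct, pub)
		fmt.Println("signed in:", srv.Verify(acct, dev.Sign(srv.Challenge(acct))))
	}
}
```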

How to turn on two-step verification

If you haven’t already enabled two-step verification, you absolutely should. It’s a smart way to protect your account and something that we recommend alongside two-factor authentication for all your accounts.

Simply go to myaccount.google.com/security and turn on 2-step verification. You will be offered a choice between text, an authenticator app or a physical security key. From there you can update saved log-in methods and update your backup email and phone number just in case.

How to switch to a passkey

To sign up for a passkey, go to the Security Settings section of your Google Account and select the passkey option for “How you sign into Google.”

From there, click on Create a passkey, and then follow the prompts given to verify your identity using either your fingerprint or facial recognition on your device. That's it.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
