Gmail security push to passkeys amid rising credential theft

Security experts urge Gmail users to switch to passkeys and use stronger login practices as credential theft rises.

Gmail pushes passkeys as credential theft surges

Google says credential theft powering Gmail intrusions is rising and accounts for about 37 percent of successful break ins. Hackers use infostealer malware to steal credentials and gain access to accounts. The guidance is to use passkeys or Sign in with Google instead of passwords, avoid linked or popup sign in prompts, and use strong unique passwords with a non SMS form of two factor authentication.

NordPass lists the top 200 most common passwords and warns that many users still rely on weak passwords and reuse across sites. Hive Systems notes that reuse and weak character sets remain easy paths for attackers. Google Security Checkup is recommended to review devices and sign out unfamiliar ones. The article also urges using a standalone password manager to generate strong unique passwords and to avoid relying on browser saved passwords. It cautions that AI driven features in Gmail can raise privacy risks and calls for careful controls over how AI tools access email data.

The shift to passkeys marks a real turning point in online security, but adoption is uneven. People often prefer familiar habits, and the extra steps can feel like friction even when the payoff is clear. The piece frames a broader tug of war between convenience and safety in everyday online life.

Beyond password hygiene, the report highlights a layer of risk from AI features that may access sensitive data in Gmail. That adds a new dimension for users and regulators alike, as we balance faster tools with tighter controls. For readers, the takeaway is to stay vigilant, audit access regularly, and push platforms to prove that convenience will not come at the expense of privacy.

Highlights

The safer path online is built on simple, steady steps and clear controls.