Google’s Gmail Upgrade: Do Not Lose Access To Your Account
Google has issued a warning to its users about the importance of securing their accounts, as hackers are gaining access to those accounts using stolen credentials and two-factor authentication bypasses.
The tech giant has also introduced a new feature called "Sign in with Mobile Number," which allows users to regain access to their Google account if they lose their phone completely. This feature is designed to make recovery on a new Android device easier, by automatically identifying the user's accounts using their phone number and requiring only the lock-screen passcode from the previous device for verification.
However, this new option raises concerns about the risk of socially engineered attacks. Google has also introduced a "Recovery Contacts" feature, which allows users to designate trusted friends or family members as Recovery Contacts. If the user is locked out due to a forgotten password, lost passkey device, or account compromise, these contacts can help verify their identity and provide a simple and secure way to regain access.
But this contact option is fraught with risk, as it relies on manual entry and has no checks in place. If users want to take the risk, they will find Recovery Contacts under Security in their Google Account, which has been newly redesigned to make managing personal information easier.
A Warning from Microsoft
Microsoft has also issued a warning about the importance of security in email accounts. The company says that phishing-resistant MFA is the gold standard for security, and that it can block over 99% of unauthorized access attempts. However, Sophos warns that email-based attacks are active, sophisticated, and increasingly lucrative for attackers.
Sophos also notes that phishing and business email compromise (BEC) exploit trust, steal credentials, and cost organizations billions. The company adds that attackers are leveraging generative AI tools to craft more convincing phishing emails and spam messages.
What You Can Do
The most important thing you can do is to add passkeys to your accounts and enable two-factor authentication (2FA). This will protect you against almost all attacks by linking your account security to your hardware. Additionally, Google suggests replacing passwords with longer, more complex, and unique ones.
Microsoft also advises its users to delete passwords entirely to avoid losing access to their accounts. The company notes that if a password remains in place alongside a passkey, then the account is at risk.
The Importance of Account Recovery
Google's new warning about losing access to your Google Account is a timely reminder of the importance of securing your accounts. Users should take action now before it's too late, by following these simple steps:
- Add passkeys to your accounts and enable two-factor authentication (2FA).
- Replace passwords with longer, more complex, and unique ones.
- Delete passwords entirely if possible.
- Set up a recovery phone number using Google's "Sign in with Mobile Number" feature.
By taking these simple steps, you can ensure your account remains secure and that you are not left without access to your email. Remember, phishing-resistant MFA is the gold standard for security, and it can block over 99% of unauthorized access attempts.