# Google Warns Most Gmail Users Must Change Passwords

In a pressing warning to its users, Google has confirmed that most of its 2.5 billion active Gmail accounts are at risk due to compromised passwords. The tech giant's recent security breaches have highlighted the need for all users to take immediate action to protect their accounts from malicious hackers.

The situation became apparent when Google's own Salesforce database was hacked, sending shockwaves through the online community. This breach exposed sensitive information that scammers could use to target unsuspecting Gmail account holders via emails and calls, even posing as Google support staff. The attackers are utilizing Google's AI to make their phishing attempts more convincing.

Google had already warned its users about the importance of upgrading their account security before this latest set of hacks and warnings. This involves using a two-factor authentication method that doesn't rely on SMS and adding a passkey to accounts, which is then used as the default sign-in method. Unfortunately, most Gmail users still don't have these additional layers of security in place, relying primarily on passwords with some basic form of 2FA.

The lack of strong security measures leaves users vulnerable to fake sign-in pages designed to steal their passwords or trick them into divulging 2FA codes. The same concern is echoed by recent attacks on Amazon and PayPal accounts, which highlight the importance of using unique, hard-to-guess passwords across all accounts. Moreover, Google has revealed that only about 36% of its users regularly update their passwords.

# Urgent Action Required

Given this alarming information, it's crucial for all Gmail users to take immediate action. If you haven't changed your password this year, do so right away. Choose a standalone password manager to create and save new, unique passwords. Then, switch your 2FA method from SMS-based authentication to an authenticator app.

If you don't already have a passkey, consider adding one now. Once you've set up your passkey, use it, and only it, to sign in. If any login window asks for a password on a device with a passkey, treat that as a red flag. Avoid signing in via links, even if they appear to originate from Google.

By taking these steps and prioritizing strong security measures, you can significantly reduce your risk of falling victim to phishing attempts or other account breaches. Remember, it's always better to err on the side of caution when it comes to protecting your online identity.