Warning to people using passwords on their Google and Microsoft accounts

Google has warned that most of its users are still relying on less secure methods to log into their accounts and encouraged them to adopt passkeys for better protection against cyberattacks.

Many people use their Google account or Gmail address as their primary login credentials for various online platforms and as a channel to retrieve or change passwords if they forget them.

According to World Population Review, roughly 65.5% of email users in South Africa have a Gmail account.

A Google account is also required for the best experience on Android, which holds over 80% of the smartphone operating system market share in South Africa.

Cybersecurity experts have regularly warned that most instances of “hacking” involve stolen, guessed, or phished passwords.

While choosing a complex password already helps mitigate against this, it can make logging in a major hassle if a user has to recall a lengthy combination of letters, numbers, and special characters.

Google recently told Forbes that despite its push for passkeys, most users still relied on passwords and multi-factor authentication (MFA) to secure their accounts.

Google said it wanted to move beyond passwords while keeping sign-ins as simple as possible. While MFA adds an extra layer of security, it makes the login process more difficult and time-consuming.

Passkeys are a type of sign-in standard created by the Fast Identity Online Alliance and are intended to eventually replace passwords completely.

These credentials allow users to securely log into their account using a fingerprint, face scan, or screen lock PIN on a device where they have generated a private cryptographic key for a particular platform.

While the device itself acts as the key to open the door, it will only work when in the hands of the owner or someone who knows their PIN. Without the device, the PIN is useless.

Passkeys are powered by public key cryptography technology, which has been around for more than 50 years.

However, the technology required users to have substantially more computing power on hand than what was available until the emergence of the smartphone.

Google Security expert Christiaan Brand has explained that passkeys help resolve the three main issues with online security — stolen passwords, additional MFA hassles, and phishing attempts.

While MFA provides an additional layer of security, it requires more effort on the user’s part to let them get into their account.

A passkey acts as both the password and the MFA verification, making the login process much simpler and faster.

Microsoft’s passwordless push

Google is not the only major tech company pushing people to ditch passwords — Microsoft is being even more aggressive.

Microsoft has warned that password-breaking attempts have increased dramatically in 2025. “We block 7,000 attacks on passwords per second — almost double from a year ago,” Microsoft said.

“At the same time, we’ve seen adversary-in-the-middle phishing attacks increase by 146% year-over-year.”

The company also has a substantial South African market share in the desktop OS market, and its productivity suite and Xbox gaming platform are also immensely popular locally.

Microsoft already added the option for users to delete their account passwords and sign in with alternative methods in 2022. It added passkey support just over a year ago.

More recently, it launched a new sign-in experience for Windows, Xbox, Microsoft 365, and other platforms that shifts away from password usage.

The process only requires that users verify that they have access to their chosen email address by providing a one-time code sent to that address.

Once users are signed in, they will be asked to add a passkey on their device. After this is done, they won’t be asked to re-enter a new OTP on that device to log in again.

Instead, they can just re-authenticate themselves using a fingerprint, facial scan, or a PIN on the device where they added the passkey.

On top of extra security, a Microsoft experiment found that passkeys offered several benefits in terms of convenience, including:

• Signing in with a passkey was three times faster than using a traditional password and eight times faster than a password and traditional multifactor authentication
• Users are three times more successful signing in with passkeys than with passwords (98% versus 32%)
• 99% of users who start the passkey registration flow complete it

Microsoft aims to have over a billion users delete their passwords completely and switch to passkeys over the next few years due to accelerated password-breaking attempts.