Gmail Security Upgrades: Passkeys and Two-Factor Authentication Enforcement
Evanne Evans, 12 Jul 2025
In a significant move to enhance user security, Google will soon enforce mandatory upgrades for all Gmail users by mid-July 2025. The tech giant will require the activation of two-step verification (2FA) and passkeys, creating two robust defenses against phishing, hacking, and unauthorized account access.
Two-factor authentication has long been recognized as a critical layer of protection. By requiring users to verify their identity with something they know (password) and something they have (a phone or hardware key), 2FA dramatically reduces the risk of account compromise.
As noted by SmashingApps, Google is now making this extra step compulsory for Gmail accounts, moving beyond previous opt-in models. This means that users who have not yet enabled 2FA will be prompted to set it up, or they will face limited access until they do.
Complementing 2FA, Google is rolling out Passkeys, an advanced authentication method that replaces traditional passwords with cryptographic keys stored securely on devices. Passkeys offer a smoother and more secure login experience by eliminating the need for password reuse and reducing vulnerability to phishing scams.
According to The Verge, Passkeys utilize public-key cryptography, enabling users to authenticate themselves using biometrics or device PINs without transmitting passwords over the internet.
The combined enforcement of 2FA and Passkeys reflects Google’s broader commitment to a zero-trust security model, where continuous verification is required to protect accounts, regardless of the network environment. This dual approach can significantly mitigate the common online attacks frequently used by cybercriminals.
Users are encouraged to prepare ahead by updating their security settings, registering security keys, and familiarizing themselves with passkey usage. IT administrators in organizations should also communicate these changes clearly to avoid disruptions.
Ultimately, Google’s mandatory security upgrades mark a pivotal step in making Gmail accounts safer by default, helping users stay protected in an increasingly complex digital landscape.
