Google confirms danger, tells users: Stop using your passwords. Source​

When I read this article in my feeds, my first thought was to panic. And then to groan at spending my evening trying to secure my email.

Google Confirms Gmail Warning - 3 Billion Users Must Now Act. Source​

The same alert was sent in this article from Forbes. Double panic!

The articles outline how a cryptocurrency professional (who would definitely be savvy in such cybersecurity matters), almost got sucked in by a Gmail phishing scam.

In short, he had been sent a genuine looking email from Google, which informed him that he was being subpoenaed to provide information from his Google account. He was then invited to click a link that would lead him to Google Support.

Clicking on the link led to a Google Sites page, which invited him to send in his documentation. From there, his login credentials would have been harvested, and then used to compromise his account.

The phishing scam was enabled through a breach in Gmail's security system, also known as the OAuth bug. It was able to bypass Gmail’s security filters. It also appeared legitimate as it came from authentic Google domains and had passed all standard security checks.

The articles conclude by interpreting Google's message as a call for users to move away from passwords and start using passkeys as soon as possible.

Both articles from EuroWeekly and Forbes were written in a manner designed to incite panic and fear. They're also the reason why non techy users can develop a fear of technology and refuse to engage.

The facts are:

1. Google has been advising that users move to adopt passkeys since 2023. This is not new. Google is also not advising its 2.5 billion users to stop using their passwords.
   ​
2. Google had originally refused to fix the OAuth bug that caused the phishing scam. When the information was posted to X, enough pressure was put on Google. They have now announced a fix for this issue.
   ​
3. Due diligence on any unfamiliar email you open is crucial, regardless of whether it appears to come from a genuine site. Simply put, if you don't recognize it, don't open it. If you have a feeling in your gut, delete it. And always check where it has been sent from.
   ​
4. Use 2Factor identification, which uses a secondary device, or phone number to verify your identity.
   ​
5. Change your passwords frequently. Given the number of passwords we all have to manage, using a Password Manager allows you to save multiple passwords in an encrypted vault. You would then only need to remember a single master password.
   ​
6. And yes, use passkeys. But make sure it's your choice, and not based on incendiary advice from a news site designed to get clicks.

A bit about passkeys, as explained by Google:

Passkeys are a more secure way to log into websites and apps using biometrics (like fingerprint or face scan) or a PIN — no need to remember passwords. They're safer than traditional passwords because they can't be phished or entered on fake sites.

However, passkeys are still limited in use and can be tricky to set up across devices. They work best within the same ecosystem (e.g., all Apple devices or all Google devices). Currently, syncing across different platforms like iPhone and Android, or Android and Windows, is still inconsistent.

Bottom line: Passkeys are promising, but for now, they’re most reliable if you mainly use devices from the same brand.

Overall, the goal is to use technology that works for you — even though it’s always evolving. Passkeys, like many tools, are still being refined.

Stay informed, so you can respond thoughtfully rather than react impulsively, or worse, ignore important changes altogether.

Have you thanked your AI tool lately? :)

Stats from TechRadar:

• Only around 70% of people are polite to AI when interacting with it
• Roughly two thirds of impolite AI users say it’s for brevity
• 12% of respondents are polite in case there’s a robot uprising :)

Seriously, OpenAI's CEO says that being polite to ChatGPT is costing the company millions of dollars, in electricity expenses. Each AI response consumes up to 0.14 kilowatt-hours, which is equivalent to 14 LED bulbs lit for one hour.

On the other hand, being polite to ChatGPT, is likely to get you a better set of responses.

It's a natural human instinct to be pleasant, especially when someone (or thing) has granted a request.

If we start to suppress this, maybe one day, the robots will take over :)

Thank you for reading!​
Temi

What software would you like me to review in future issues?
Let me know at: news@softwareroiguide.com​

​Unsubscribe | 113 Cherry St #92768, Seattle, WA 98104-2205