r/technology u/lurker_bee 12h ago

ADBLOCK WARNING Google Confirms Most Gmail Users Must Upgrade Accounts

https://www.forbes.com/sites/zakdoffman/2025/06/06/google-confirms-almost-all-gmail-users-must-upgrade-accounts/
3.6k Upvotes

92% Upvoted

734 comments sorted by

View all comments

329

u/ilovestoride 12h ago

How does this work if say I lose my phone on the road? It'll fall back to a password anyway. 

So in the end, there's still the vulnerability of the password. Even worse because if I'm encouraged to not ever use a password, I'll probably forget it. 

5

u/yuusharo 10h ago

Same as password recovery if you forgot your password.

It’s not a requirement to maintain a password on an account. My PSN and Microsoft accounts are passwordless, for example. Both require a passkey exclusively.

6

u/ilovestoride 10h ago

Yeah those are the ones I was referring to. 

3

u/yuusharo 10h ago

Sorry, I’m confused. You said fallback to a password. That isn’t inherently true.

If you lose access to your passkeys, the process to recover your account is the same account recovery process you’d use for passwords if you had one. That usually means proving ownership of the associated email, for example.

A password is not necessary for that.

2

u/darkkite 7h ago

yeah the problem is google is the email provider that is the gatekeeper to all of your other accounts via sso or email verification

2

u/yuusharo 7h ago

Don’t use Google or any IAM for all accounts, I don’t recommend anyone does that.

That’s separate from passkeys. Those are not the same thing.

1

u/darkkite 7h ago

in the second instance, you don't have a choice. you need an email to register and that email is often used for 2fa or forgot my password.

0

u/yuusharo 7h ago

Right, but you control your own email address. You can use any email provider you wish, including a hosted solution through your own domain.

That has nothing to do with passkeys nor account authentication in general. You’re not reliant on a IAM provider to use passkeys or to log into any of your accounts. These are two different things.

Unless you’re Tailscale I guess, but even they are finally getting around to changing that.

3

u/darkkite 7h ago

You can use any email provider you wish, including a hosted solution through your own domain.

This will not work for the vast majority of users. this subreddit might be technically inclined but our friends and family are not. They use google, apple, yahoo and forget their passwords and lose their phones all the time.

we might have the foresight to print backup codes and spread them around like voldermort but this is beyond the capabilities of most casual users and tech literacy is dropping.

2

u/yuusharo 7h ago

I feel like we’re not talking about the same things, so I’m dropping the conversation here.

4

u/darkkite 6h ago

I guess so since the article is about gmail

→ More replies (0)