Google strengthens Gmail security against a new attack that can steal your 2FA codes in 30 seconds
A new attack known as Pixnapping is troubling cybersecurity experts. Capable of stealing a two-factor authentication (2FA) code in under 30 seconds, without the user noticing, this method poses a serious threat to online account security.
In response, Google is rolling out several new features aimed at better protecting Gmail accounts and assisting users in regaining access to their inbox in case of password loss, phone theft, or malware attacks.
Attacks on Google services have surged
According to internal data from Google, attacks targeting its applications, including Gmail, have increased by 84% in a year. The primary threat comes from phishing emails designed to steal user credentials and passwords.
To combat this rise, Google is updating its account recovery mechanisms—an essential but sometimes limited tool.
“Even with a unique SMS code, recovery can be challenging if you’ve lost your phone or forgot to update your number,” explain Claire Forszt and Sriram Karra from the Google Identity & Engagement team.
A new feature: Recovery Contacts
Google is introducing a new option called Recovery Contacts. This allows users to designate up to 10 trusted individuals—family members or friends—who can assist in restoring access to their account if it gets locked.
“This is a simple and secure solution that allows users to turn to trusted people when other recovery methods are not feasible,” Google emphasizes.
How to activate your Recovery Contacts:
- Go to myaccount.google.com/security
- Click on the Security tab
- Scroll down to the Recovery Contacts section
- Verify your identity, then add your contacts via + Add a recovery contact
These contacts will be able to help you unlock your Gmail account or any other Google service if you lose access.
“Sign in with your phone number”: another new feature
Google is also introducing a more convenient login method called Sign in with Mobile Number.
No more passwords:
- Simply enter your phone number.
- Associated accounts will appear on the screen.
- Select the right account and confirm with the unlock code from your phone.
A simpler—but still secure—way to access your Gmail account from an Android device. According to Eugene Liderman, Director of Security and Privacy for Android at Google: “This feature is being gradually rolled out worldwide. Keep an eye out for it to arrive on your phone.”
A strong response to the rise of cyberattacks
In light of the dramatic increase in hacking attempts, Google aims to simplify account recovery while eliminating reliance on passwords. The new security options give users greater control and resilience, even in the event of complete access loss.
The takeaway: it’s better to set up your recovery contacts now before it’s too late.
