accounts Archives

Winsage

April 24, 2026

Microsoft to roll out Entra passkeys on Windows in late April

Microsoft will introduce passkey support for phishing-resistant passwordless authentication on Microsoft Entra-protected resources starting in late April, with broader availability expected by mid-June 2026. This feature will allow passwordless sign-in on unmanaged Windows devices and will support various device types, including corporate, personal, and shared options. Administrators can manage passkeys through Conditional Access and Authentication Methods policies. Users can create device-bound passkeys stored securely within the Windows Hello container, using methods like facial recognition, fingerprint scanning, or a PIN. The passkeys will adhere to FIDO2 standards and will be securely bound to individual devices, preventing transmission over the network to enhance security against phishing and malware attacks. Microsoft has also announced plans for mandatory multifactor authentication registration for Entra tenants by October 2024 and that all new accounts will be passwordless by default starting in May 2025.

AppWizard

April 24, 2026

Google Adds Verified Email Feature to Simplify Android App Logins

Google has introduced a verified email feature for Android applications, accessible through the Credential Manager API. This feature allows apps to retrieve a user's verified email directly from their device, improving the login and account creation processes by eliminating the need for one-time passwords (OTPs) and email verification links. Users receive a system-level prompt to share their verified email with a simple tap, enhancing the user experience by reducing interruptions. The feature also benefits developers by simplifying verification systems and potentially decreasing user drop-off rates during registration. Currently, it supports Google accounts, with plans to include other identity providers in the future. Google advises developers to continue using traditional verification methods for non-Google accounts to ensure compatibility.

AppWizard

April 24, 2026

Google rolls out verified email feature for Android apps, removing need for OTPs

Google has introduced a verified email feature for Android applications via its Credential Manager API, allowing users to access their verified email addresses directly from their devices without traditional verification steps like OTPs or email links. Users receive a system-level prompt to share their verified email with a single tap, improving the user experience by eliminating the need to switch between apps. This feature simplifies the onboarding process for developers, reducing user drop-offs during registration and potentially improving conversion rates. Currently, it supports consumer Google Accounts, with plans for broader adoption pending support from other credential issuers. The system is intended for various use cases, including account creation, re-authentication, and recovery, while maintaining existing verification methods for non-Google accounts. This initiative is part of Google's effort to enhance authentication integration into the operating system and reduce reliance on passwords and multi-step verification.

AppWizard

April 24, 2026

Google Verified Email delivers powerful boost to Android app signups

Google Verified Email is a feature that streamlines the email confirmation process on Android devices by eliminating the need for one-time passwords (OTPs) or link tapping. It uses Android’s Credential Manager to store a cryptographically verified email credential on the device. When a user interacts with an email field or a sign-up button, a prompt requests permission to share the verified email with the app, allowing for instant confirmation without leaving the screen. This feature currently supports consumer Google Accounts on devices running Android 9 or later with updated Google Play services. Apps cannot access user information without explicit consent, and the feature can also be used for account recovery and profile modifications. Developers can use the Credential Manager API, which is issuer-agnostic, but Google’s credential specifically verifies only the email address. Despite its benefits, Google recommends maintaining backup options like manual email entry or traditional OTPs for situations where no suitable credential is available.

AppWizard

April 23, 2026

Australian Government Demands to Know What Roblox, Minecraft, Fortnite, and Steam are Doing to Prevent Grooming, Radicalisation

The Australian Government's eSafety office has requested major gaming platforms, including Roblox, Microsoft, Epic, and Valve, to provide details on their measures to prevent child grooming and extremist content. The eSafety office has issued legally enforceable transparency notices due to concerns that platforms like Roblox, Minecraft, Fortnite, and Steam may be exploited by predators and extremist groups. Approximately 90% of children aged 8 to 17 in Australia engage with online games, highlighting the need for protective measures. Reports indicate that these platforms have been associated with grooming incidents and extremist themes, including games inspired by the Islamic State and depictions of mass shootings. Non-compliance with the transparency notice could result in penalties of AUD5,000 per day. In response, Roblox has committed to safety initiatives, including AI technology to review content and plans for age-based accounts to enhance user safety.

Tech Optimizer

April 23, 2026

The antivirus feature I skip on every SSD-powered PC

File shredders may not effectively erase data on solid-state drives (SSDs) due to the way SSDs distribute data, which can lead to deleted files remaining retrievable. Additionally, using file shredders can reduce the lifespan of SSDs because of their limited write cycles. Instead of file shredders, drive encryption is recommended for protecting sensitive data on SSDs, as it ensures that deleted data remains unreadable. Windows 11 offers integrated drive encryption for users with a Microsoft account, and tools like VeraCrypt or Cryptomator can create encrypted folders for managing sensitive documents. It's important to safeguard access to encrypted data by backing up decryption passwords or recovery keys.

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

AppWizard

April 23, 2026

Goodbye, OTPs and magic links: Signing up for new Android apps just got a lot easier

Google has introduced a Verified Email feature for Android applications that simplifies the sign-up process by eliminating the need for magic links and one-time PINs (OTPs). This feature allows users to register for apps using a "cryptographically verified email credential" sourced from their Google account, which is securely stored on their device. It enhances security by enabling app developers to prompt users to create a passkey during registration. The Verified Email feature can also be used for account recovery and re-authentication for sensitive actions. However, it is currently limited to consumer Gmail accounts, and users with Workspace or managed accounts must still use traditional verification methods. Additionally, Google accounts created with non-Google email addresses may require extra verification steps from app developers. The feature is accessible on devices running Android 9 or newer and Google Play Services version 25.49.xx or later.

AppWizard

April 22, 2026

Australia probes Roblox and Minecraft over child safety

Australia's eSafety regulator has issued legally enforceable transparency notices to gaming companies, including Microsoft and Roblox, requiring them to detail their measures against sexual exploitation and radicalisation. The eSafety Commissioner, Julie Inman Grant, highlighted that 90% of Australians aged eight to seventeen engage in online gaming, which poses risks such as grooming and radicalisation. Non-compliance with the notices could lead to penalties. Microsoft is reviewing the notice, while Roblox is facing over 140 lawsuits in U.S. federal courts for allegedly facilitating child sexual exploitation. Roblox has reached settlements in Alabama and West Virginia and plans to introduce tailored accounts for younger users.

AppWizard

April 22, 2026

Google is testing a more vibrant, organized Gemini app, and I hope it sticks

Google is testing a visual overhaul for its Gemini application on Android devices, introducing brighter colors and new icons. The redesign includes a shift from a sky-blue background to a vibrant blue with a gradient, and a revamped dark mode background. Enhancements will extend to temporary chats and the Gemini Live interface, with distinct background colors for light and dark modes. The new interface will feature minimalistic icons and may include an animated button inspired by ChatGPT’s Voice Mode. The account picker may be removed from the home screen and relocated to the sidebar, which will have tidier icons and occupy the full screen when opened. Additional modifications include new buttons for initiating chats and sharing options. Some features may not appear in the final public release.