authentication Archives

AppWizard

April 25, 2026

Have a Samsung phone and PC? You need the new Galaxy Connect Windows app

The user expanded their Samsung ecosystem with a Galaxy Book 4 Edge and tested the Galaxy Connect application, which includes four features: Continue on other devices, Storage Share, Multi Control, and Second Screen. Multi Control allows users to connect their Samsung phone or tablet as a secondary display, enabling seamless control of the mobile device from the primary display. The Second Screen feature lets users utilize a Galaxy tablet as a wireless display for their Windows computer, reducing lag by connecting directly. Storage Share provides access to files on Samsung devices from the PC's File Explorer, and the Continue on other devices feature syncs the clipboard for easier two-factor authentication. Users with ARM-based PCs may face limitations, and some without Intel network adapters have reported issues with Galaxy Connect's functionality.

Winsage

April 24, 2026

Microsoft to roll out Entra passkeys on Windows in late April

Microsoft will introduce passkey support for phishing-resistant passwordless authentication on Microsoft Entra-protected resources starting in late April, with broader availability expected by mid-June 2026. This feature will allow passwordless sign-in on unmanaged Windows devices and will support various device types, including corporate, personal, and shared options. Administrators can manage passkeys through Conditional Access and Authentication Methods policies. Users can create device-bound passkeys stored securely within the Windows Hello container, using methods like facial recognition, fingerprint scanning, or a PIN. The passkeys will adhere to FIDO2 standards and will be securely bound to individual devices, preventing transmission over the network to enhance security against phishing and malware attacks. Microsoft has also announced plans for mandatory multifactor authentication registration for Entra tenants by October 2024 and that all new accounts will be passwordless by default starting in May 2025.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.

Winsage

April 24, 2026

Microsoft beefs up Remote Desktop security with … hard-to-read messages

Microsoft has released an update to improve the security of its Remote Desktop feature, which includes a warning for users opening Remote Desktop (.rdp) files. However, this warning is not displaying correctly for some users due to a bug identified in the Known Issues list after the April 14 update. The issue primarily affects users with multiple monitors set to different display scaling, leading to overlapping text or obscured buttons. Microsoft has advised users to synchronize their display scaling settings or use keyboard navigation as a workaround. The company plans to address this issue in a future Windows update but is not issuing an Out-of-Band update specifically for it. Additionally, a serious vulnerability (CVE-2026-40372) was discovered in the .NET framework, affecting versions 10.0.0 to 10.0.6, which requires immediate attention. This vulnerability impacts all Windows versions that received the update, including Windows 11 26H1.

AppWizard

April 24, 2026

Google Adds Verified Email Feature to Simplify Android App Logins

Google has introduced a verified email feature for Android applications, accessible through the Credential Manager API. This feature allows apps to retrieve a user's verified email directly from their device, improving the login and account creation processes by eliminating the need for one-time passwords (OTPs) and email verification links. Users receive a system-level prompt to share their verified email with a simple tap, enhancing the user experience by reducing interruptions. The feature also benefits developers by simplifying verification systems and potentially decreasing user drop-off rates during registration. Currently, it supports Google accounts, with plans to include other identity providers in the future. Google advises developers to continue using traditional verification methods for non-Google accounts to ensure compatibility.

AppWizard

April 24, 2026

Google rolls out verified email feature for Android apps, removing need for OTPs

Google has introduced a verified email feature for Android applications via its Credential Manager API, allowing users to access their verified email addresses directly from their devices without traditional verification steps like OTPs or email links. Users receive a system-level prompt to share their verified email with a single tap, improving the user experience by eliminating the need to switch between apps. This feature simplifies the onboarding process for developers, reducing user drop-offs during registration and potentially improving conversion rates. Currently, it supports consumer Google Accounts, with plans for broader adoption pending support from other credential issuers. The system is intended for various use cases, including account creation, re-authentication, and recovery, while maintaining existing verification methods for non-Google accounts. This initiative is part of Google's effort to enhance authentication integration into the operating system and reduce reliance on passwords and multi-step verification.

AppWizard

April 24, 2026

Google Verified Email delivers powerful boost to Android app signups

Google Verified Email is a feature that streamlines the email confirmation process on Android devices by eliminating the need for one-time passwords (OTPs) or link tapping. It uses Android’s Credential Manager to store a cryptographically verified email credential on the device. When a user interacts with an email field or a sign-up button, a prompt requests permission to share the verified email with the app, allowing for instant confirmation without leaving the screen. This feature currently supports consumer Google Accounts on devices running Android 9 or later with updated Google Play services. Apps cannot access user information without explicit consent, and the feature can also be used for account recovery and profile modifications. Developers can use the Credential Manager API, which is issuer-agnostic, but Google’s credential specifically verifies only the email address. Despite its benefits, Google recommends maintaining backup options like manual email entry or traditional OTPs for situations where no suitable credential is available.

AppWizard

April 23, 2026

Samsung Messages is dying — here’s the open-source alternative I’m replacing it with

Samsung Messages will be discontinued in July 2026. The author switched from Samsung Messages to Google Messages but found it lacking in customization options and preferred a simpler experience. They discovered Fossify Messages, a free and open-source messaging app that offers essential features without distractions, and found it to be a suitable replacement. Fossify Messages allows selective text copying, offers security options like PIN or biometric authentication, and supports local backups. While the author appreciates Fossify Messages, they still recognize the strengths of Samsung Messages, such as chat organization and integration with Galaxy devices.

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

AppWizard

April 23, 2026

Goodbye, OTPs and magic links: Signing up for new Android apps just got a lot easier

Google has introduced a Verified Email feature for Android applications that simplifies the sign-up process by eliminating the need for magic links and one-time PINs (OTPs). This feature allows users to register for apps using a "cryptographically verified email credential" sourced from their Google account, which is securely stored on their device. It enhances security by enabling app developers to prompt users to create a passkey during registration. The Verified Email feature can also be used for account recovery and re-authentication for sensitive actions. However, it is currently limited to consumer Gmail accounts, and users with Workspace or managed accounts must still use traditional verification methods. Additionally, Google accounts created with non-Google email addresses may require extra verification steps from app developers. The feature is accessible on devices running Android 9 or newer and Google Play Services version 25.49.xx or later.