passwordless Archives

Winsage

June 19, 2026

Windows Platform Security and the Race to Secure AI Agents

Microsoft has introduced the Microsoft Execution Containers (MXC) SDK to establish Windows as a reliable operating system for autonomous agents, focusing on containment, identity, and manageability. The MXC framework serves as a policy-driven execution layer for agents on Windows and Windows Subsystem for Linux (WSL), allowing developers to set access permissions using JSON or TypeScript. It employs process and session isolation for agent containment and identity. Future enhancements will include micro-VM support for high-risk tasks and integration with Windows 365 for cloud PC workloads. IT teams can manage MXC policies through Entra ID and Intune, while Defender and Purview provide protection and observability. The MXC framework is built on Microsoft's security initiatives, including Secure Boot and passwordless sign-in, allowing agents to inherit a secure foundation. However, early commentary expresses caution regarding MXC's perception as a comprehensive security solution, noting issues with overly permissive policies and the lack of outbound network filtering. Other platforms, such as Linux, are also enhancing security for agents with kernel-level isolation and secure environments like NVIDIA's OpenShell runtime. Various projects are focusing on agent sandboxes within Kubernetes, employing technologies like gVisor and Kata Containers for isolation. Overall, no singular dominant platform security model for AI agents has emerged, with Windows' MXC still considered nascent compared to existing solutions in Linux and Kubernetes ecosystems.

Winsage

June 2, 2026

Windows platform security for AI agents

AI agents have evolved from simple question-answering systems to autonomous entities that can perform actions across various platforms. This shift raises concerns about control and trust, necessitating a change in security paradigms. Developers are now required to integrate security into the architecture of their platforms to maintain trust in agent deployment. Microsoft has expanded Agent 365 to manage local agents on Windows, introducing policy-based controls to govern agent actions. The Microsoft Execution Containers (MXC) SDK provides a policy-driven execution layer for agents, allowing developers to define constraints and ensuring consistent enforcement at runtime. Windows supports various containment options, including process and session isolation, to mitigate risks associated with agent behavior. Micro-VMs and Linux containers are also being integrated into the containment model. Windows 365 for Agents enables agents to operate in a managed cloud environment, limiting potential compromises. Collaborations with industry leaders aim to align containment strategies with developer needs. The security model is built on a foundation designed to minimize risk, incorporating features like passwordless sign-in and real-time protection through Windows Defender. The focus remains on enabling developers to create secure, governable agents for real-world deployment.

Winsage

April 24, 2026

Microsoft to roll out Entra passkeys on Windows in late April

Microsoft will introduce passkey support for phishing-resistant passwordless authentication on Microsoft Entra-protected resources starting in late April, with broader availability expected by mid-June 2026. This feature will allow passwordless sign-in on unmanaged Windows devices and will support various device types, including corporate, personal, and shared options. Administrators can manage passkeys through Conditional Access and Authentication Methods policies. Users can create device-bound passkeys stored securely within the Windows Hello container, using methods like facial recognition, fingerprint scanning, or a PIN. The passkeys will adhere to FIDO2 standards and will be securely bound to individual devices, preventing transmission over the network to enhance security against phishing and malware attacks. Microsoft has also announced plans for mandatory multifactor authentication registration for Entra tenants by October 2024 and that all new accounts will be passwordless by default starting in May 2025.

AppWizard

April 24, 2026

Google Adds Verified Email Feature to Simplify Android App Logins

Google has introduced a verified email feature for Android applications, accessible through the Credential Manager API. This feature allows apps to retrieve a user's verified email directly from their device, improving the login and account creation processes by eliminating the need for one-time passwords (OTPs) and email verification links. Users receive a system-level prompt to share their verified email with a simple tap, enhancing the user experience by reducing interruptions. The feature also benefits developers by simplifying verification systems and potentially decreasing user drop-off rates during registration. Currently, it supports Google accounts, with plans to include other identity providers in the future. Google advises developers to continue using traditional verification methods for non-Google accounts to ensure compatibility.

AppWizard

April 24, 2026

Google rolls out verified email feature for Android apps, removing need for OTPs

Google has introduced a verified email feature for Android applications via its Credential Manager API, allowing users to access their verified email addresses directly from their devices without traditional verification steps like OTPs or email links. Users receive a system-level prompt to share their verified email with a single tap, improving the user experience by eliminating the need to switch between apps. This feature simplifies the onboarding process for developers, reducing user drop-offs during registration and potentially improving conversion rates. Currently, it supports consumer Google Accounts, with plans for broader adoption pending support from other credential issuers. The system is intended for various use cases, including account creation, re-authentication, and recovery, while maintaining existing verification methods for non-Google accounts. This initiative is part of Google's effort to enhance authentication integration into the operating system and reduce reliance on passwords and multi-step verification.

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

Tech Optimizer

April 21, 2026

Gen Digital Inc stock (US36870C1018): Is its cybersecurity moat strong enough for steady investor re

Gen Digital Inc operates a consumer-focused cybersecurity model centered on subscription-based protection services, including antivirus, VPNs, and identity theft protection. The company generates predictable revenue through auto-renewals, with over 90% of customers renewing annually. Its business model scales with internet penetration and focuses on individual users rather than enterprise contracts. Gen Digital emphasizes organic growth through product innovation and geographic expansion, with key growth drivers including the increase of connected devices and cloud-based delivery. The product portfolio features tiered subscription plans, catering to diverse consumer needs, and the company maintains a competitive position through superior detection rates and customer support. Gen Digital's primary markets are North America and Europe, with emerging opportunities in Latin America and Asia. Analysts view the subscription model favorably for its resilience and cash flow generation, while risks include competition from free tools and regulatory changes. Upcoming earnings will provide insights into subscriber trends and pricing power.

Tech Optimizer

April 19, 2026

Avast Antivirus: Between Free Tier Strength and Privacy Risks, Things Are Getting Interesting

Avast Antivirus offers free protection against malware, phishing, and unsafe websites, featuring real-time scanning, ransomware protection, and a behavior-based detection system. The free edition includes protective shields for files, emails, and web browsing, while Avast Premium Security provides advanced ransomware defense and a secure browser. Avast One bundles additional features like a VPN and parental controls. Gen Digital acquired Avast in 2022, positioning it as a key part of its consumer cybersecurity strategy, with a freemium model that attracts users and encourages upgrades to premium plans. Avast has a user base of 435 million, with millions transitioning to paid subscriptions annually. The global antivirus market is experiencing double-digit growth, driven by increasing cyber threats. Avast competes with major players like Norton, Bitdefender, and Kaspersky, while facing challenges from free alternatives like Windows Defender. The company previously faced privacy issues related to the sale of anonymized browsing data but has since implemented transparency measures and compliance with EU regulations. Avast is exploring AI-driven detection methods and post-quantum defenses to enhance its offerings.

Tech Optimizer

March 26, 2026

Announcing Amazon Aurora PostgreSQL serverless database creation in seconds

Colin Lazier, Vice President of Databases at AWS, announced at re:Invent 2025 that developers can now create production-ready databases using Amazon DynamoDB and Amazon Aurora DSQL in seconds. AWS introduced an express configuration for Amazon Aurora PostgreSQL, allowing users to set up a serverless database in two clicks without needing an Amazon VPC network. This configuration includes preconfigured defaults, IAM authentication for passwordless access, and an internet access gateway for secure connections. Users can create an Aurora PostgreSQL serverless database via the AWS console or command-line interface, and they can customize settings during and after creation. The new setup supports additional features like read replicas and automated failover. AWS also enhanced the Free Tier program, providing up to 0 in credits for new users, and integrated Aurora with platforms like Vercel for rapid application development. Users are billed based on Aurora Capacity Units (ACUs), which scale automatically.

Winsage

March 12, 2026

Microsoft Introduces Phishing-Resistant Windows Sign-Ins With Entra Passkeys

Microsoft will introduce phishing-resistant passwordless authentication through passkeys for Windows devices, integrated with Microsoft Entra. This feature is expected to enter public preview between mid-March and late April 2026 for global tenants, while government cloud environments will receive the update from mid-April to mid-May. Users can access Entra-protected resources using device-bound passkeys stored securely within Windows Hello, allowing authentication through biometric or local verification methods. This update expands passwordless authentication to unmanaged or personal Windows devices. Passkeys utilize public-key cryptography, enhancing security by storing a private key on the device and registering a matching public key with the service. Each passkey is uniquely associated with a specific device and cannot be exported or synchronized. Organizations must enable the Passkeys (FIDO2) authentication method in Entra for the preview. This initiative is part of Microsoft's broader strategy to eliminate passwords, responding to rising cybersecurity concerns related to password-based authentication.