passwordless Archives

Winsage

February 27, 2026

De-Enshittify Windows 11: Make Windows 11 More Secure ⭐

Windows 11 offers a mix of security and privacy features, with a recommendation for users to opt for a Copilot+ PC with a Qualcomm Snapdragon X-series processor for enhanced security. Most users log in with a Microsoft account, which provides benefits such as two-factor authentication, device-bound passkeys, account recovery options, and automatic disk encryption. However, using a local account poses security risks, including limited recovery options and lack of support for key security features. To secure Windows 11, users should take several steps during initial setup or later, including enabling Windows Security features, verifying device encryption, and enhancing sign-in security through Windows Hello options like facial and fingerprint recognition. Additional security features such as Controlled Folder Access and Smart App Control can be configured for better protection. Users are advised to remove unnecessary third-party security apps and keep Windows 11 and installed applications up-to-date to maintain security. Regular updates and proper configuration of Windows Update settings are also essential for preventing disruptions and ensuring data safety.

Tech Optimizer

February 15, 2026

Manage PostgreSQL Databases Directly in VS Code with Microsoft’s Extension

Microsoft's PostgreSQL extension for VS Code streamlines database management by allowing users to connect to databases, write and execute queries, visualize schemas, and engage with GitHub Copilot without switching applications. It includes Entra authentication for Azure Database for PostgreSQL, enhancing security. The extension features a @pgsql GitHub Copilot agent that assists with PostgreSQL tasks, enabling users to rewrite queries, clarify functions, and analyze performance metrics. The Copilot Chat Agent Mode allows for multi-step tasks like debugging and schema optimization, requiring user permission for database changes. Users can visualize database schemas, manage connections for local and cloud-hosted databases, and utilize context-aware IntelliSense for writing SQL queries. Additional features include a server dashboard, schema migration capabilities, and Docker support for local PostgreSQL instances. Users can install the extension from the VS Code Marketplace.

Winsage

January 30, 2026

Microsoft to disable NTLM by default in future Windows releases

Microsoft will disable the NTLM authentication protocol by default in the next major Windows Server release and associated Windows client versions. NTLM, introduced in 1993, has been vulnerable to various cyberattacks, including NTLM relay and pass-the-hash attacks. The transition plan includes three phases: enhanced auditing tools in Windows 11 24H2 and Windows Server 2025, new features like IAKerb and a Local Key Distribution Center in late 2026, and eventually disabling network NTLM by default in future releases. NTLM will remain in the operating system but will not be used automatically. Microsoft deprecated NTLM authentication in July 2024 and has encouraged developers to transition to Kerberos or Negotiation authentication.

Winsage

December 29, 2025

Microsoft Adds Sudo to Windows 11 24H2 for Seamless Elevated Commands

Microsoft has introduced the sudo command in Windows 11 version 24H2, allowing users to execute commands with elevated privileges directly from a standard command prompt or PowerShell window. Users can enable this feature via Settings under System > For Developers. Sudo can run commands in three modes: “in a new window,” “with input disabled,” and “inline.” The inline mode runs the elevated command in the same console session, preserving context and variables. Microsoft has open-sourced the project on GitHub, inviting community contributions. Sudo integrates with User Account Control (UAC) for security, ensuring every elevation request is vetted. It simplifies administrative tasks for software engineers and system administrators, particularly in corporate environments where full admin access is restricted. The feature works seamlessly in Windows Terminal and supports Azure integrations. While some users have reported compatibility issues, Microsoft emphasizes that sudo is a developer tool rather than a complete replacement for Linux's sudo. Future developments may include community-driven extensions and integration with Windows Subsystem for Linux (WSL).

Winsage

November 27, 2025

Microsoft Security Keys May Require PIN After Recent Windows Updates

Microsoft announced an update for FIDO2 security keys on Windows 11, introducing a new prompt for users to set up a PIN during authentication. The rollout began with preview update KB5065789 on September 29, 2025, for OS Builds 26200.6725 and 26100.6725, and was completed with security update KB5068861 on November 11, 2025, for OS Builds 26200.7171 and 26100.7171. This update affects sign-ins where a Relying Party (RP) or Identity Provider (IDP) requests User Verification set to “Preferred” for keys without a PIN, in accordance with WebAuthn specifications. Users must now set up a PIN during authentication flows, not just during registration. To avoid PIN prompts, RPs or IDPs can set “userVerification” to “discouraged.” There is no option to roll back the changes.

Winsage

November 26, 2025

Microsoft: Security keys may prompt for PIN after recent updates

Microsoft issued a notice to users about a new behavior related to FIDO2 security keys following Windows updates since the September 2025 preview update. This change affects devices on Windows 11 versions 24H2 or 25H2, where users may be prompted to enter a PIN during authentication. The adjustment aligns with WebAuthn specifications, which outline protocols for authentication methods, including PINs and biometrics. User verification can be categorized as discouraged, preferred, or required, with "preferred" necessitating a PIN setup if supported by the authenticator. The rollout began after the KB5065789 preview update and was completed with the November KB5068861 security update. Microsoft stated that after installing the September 29, 2025 update, users might need to create a PIN to sign in with a security key, even if it was not required during initial registration. This behavior occurs when a Relying Party or Identity Provider requests User Verification = Preferred during authentication with a FIDO2 security key lacking a PIN. Organizations can opt to adjust the user verification setting to "discouraged" if they do not want to require users to create or enter PINs. FIDO2 security keys enable passwordless authentication by requiring the physical presence of a USB, NFC, or Bluetooth token, gaining popularity as organizations seek to reduce risks associated with traditional passwords.

Winsage

November 17, 2025

Windows 11 users just got a more convenient way to store passkeys – here’s how it works

The technology behind passkeys involves cryptographic keys and standards like FIDO2 and WebAuthn, but users can enhance their security by creating passkeys whenever offered by websites or apps, using face recognition, fingerprints, or PINs. Users can accumulate multiple passkeys for easier sign-in across services. 1Password is set to integrate a new native passkeys plugin API with Windows 11, allowing users to manage passkeys through 1Password while using Windows Hello for authentication. This integration requires the latest version of Windows 11 and the MSIX version of the 1Password app. Users can enable the passkey feature in 1Password and designate it as the system authenticator in Windows settings. Other password managers may also adopt this integration, and Windows is introducing its own passkey sync mechanism through the Microsoft Password Manager in Edge. Passkeys do not replace existing credentials but serve as a secure alternative to usernames and passwords, with some services offering fully passwordless options.

Winsage

November 13, 2025

Windows 11 now supports 3rd-party apps for native passkey management

Microsoft has introduced native support for third-party passkey managers on Windows 11, including 1Password and Bitwarden, as part of a collaborative effort that resulted in a passkey API. This feature was rolled out with the November 2025 security update. Passkeys adhere to FIDO2/WebAuthn standards and utilize private-public key cryptography, eliminating traditional passwords. Windows generates a key pair upon registration on a passkey-enabled site, storing the private key securely. Users verify their identity using Windows Hello, which enhances security through PIN and biometric authentication. The integration allows for synchronization across Windows devices when signed into Edge with the same Microsoft account, with security measures including Azure Managed Hardware Security Modules and Azure Confidential Compute. Microsoft Edge version 142 and later introduced passkey saving and syncing capabilities, and Bitwarden launched its “Log in with Passkeys” feature in January 2024. Bitwarden's integration with Windows 11 is currently in beta.

Winsage

November 12, 2025

Windows just got native passkey support for one of my favorite password managers

Microsoft is enhancing Windows 11 with native support for passkeys and integrating password managers 1Password and Bitwarden. This update, which aims to improve security and user access, will be fully available with the Windows November 2025 security update. Users can create and save passkeys directly within Windows using the Microsoft Password Manager, and both 1Password and Bitwarden can integrate seamlessly into the Windows environment. The new capabilities allow users to save, manage, and use passkeys across browsers and native apps, with authentication using Windows Hello. Bitwarden has expressed enthusiasm for the collaboration with Microsoft, emphasizing the secure management of credentials on Windows.

Winsage

November 11, 2025

1Password can now save passkeys directly in Windows 11

A new Windows API allows third-party applications to manage passkeys more effectively, with 1Password being the first password manager to adopt this innovation. The integration enables 1Password to act as the credential manager on Windows 11, allowing users to create and manage passkeys easily while using Windows Hello for authentication. This feature is available to anyone running the latest version of Windows 11 and the newly released MSIX version of the 1Password app. Users can enable the passkey feature through the 1Password application or manually in Windows settings. Once configured, Windows will use the selected credential manager instead of its default settings. Other password managers like Bitwarden and Dashlane may follow with similar support. Passkeys serve as a convenient alternative to traditional username and password combinations but do not replace existing credentials.