passwords Archives

AppWizard

April 24, 2026

Google rolls out verified email feature for Android apps, removing need for OTPs

Google has introduced a verified email feature for Android applications via its Credential Manager API, allowing users to access their verified email addresses directly from their devices without traditional verification steps like OTPs or email links. Users receive a system-level prompt to share their verified email with a single tap, improving the user experience by eliminating the need to switch between apps. This feature simplifies the onboarding process for developers, reducing user drop-offs during registration and potentially improving conversion rates. Currently, it supports consumer Google Accounts, with plans for broader adoption pending support from other credential issuers. The system is intended for various use cases, including account creation, re-authentication, and recovery, while maintaining existing verification methods for non-Google accounts. This initiative is part of Google's effort to enhance authentication integration into the operating system and reduce reliance on passwords and multi-step verification.

AppWizard

April 24, 2026

Google Verified Email delivers powerful boost to Android app signups

Google Verified Email is a feature that streamlines the email confirmation process on Android devices by eliminating the need for one-time passwords (OTPs) or link tapping. It uses Android’s Credential Manager to store a cryptographically verified email credential on the device. When a user interacts with an email field or a sign-up button, a prompt requests permission to share the verified email with the app, allowing for instant confirmation without leaving the screen. This feature currently supports consumer Google Accounts on devices running Android 9 or later with updated Google Play services. Apps cannot access user information without explicit consent, and the feature can also be used for account recovery and profile modifications. Developers can use the Credential Manager API, which is issuer-agnostic, but Google’s credential specifically verifies only the email address. Despite its benefits, Google recommends maintaining backup options like manual email entry or traditional OTPs for situations where no suitable credential is available.

Tech Optimizer

April 23, 2026

The antivirus feature I skip on every SSD-powered PC

File shredders may not effectively erase data on solid-state drives (SSDs) due to the way SSDs distribute data, which can lead to deleted files remaining retrievable. Additionally, using file shredders can reduce the lifespan of SSDs because of their limited write cycles. Instead of file shredders, drive encryption is recommended for protecting sensitive data on SSDs, as it ensures that deleted data remains unreadable. Windows 11 offers integrated drive encryption for users with a Microsoft account, and tools like VeraCrypt or Cryptomator can create encrypted folders for managing sensitive documents. It's important to safeguard access to encrypted data by backing up decryption passwords or recovery keys.

Winsage

April 23, 2026

Engineering secure passkey sync in Microsoft Password Manager

Passkeys are a new form of authentication that replace traditional passwords, providing a phishing-resistant and streamlined sign-in process. Microsoft Password Manager allows users to save and synchronize passkeys across devices linked to their Microsoft accounts, enhancing accessibility. The architecture for passkey syncing includes confidential computing for sensitive operations, hardware-rooted key protection for encryption keys, tamper-evident recovery storage, and encrypted synchronization across devices. Sensitive passkey operations are executed in Azure's confidential computing environments, ensuring cryptographic materials are processed securely. The encryption keys are protected using Azure Managed HSM, with access governed by attestation-based mechanisms. Registration and recovery processes require user authentication and enforce security measures within confidential computing boundaries, including a lockout state after consecutive incorrect PIN attempts. The system aims to provide a secure and user-friendly experience as part of a transition to a passwordless future.

Tech Optimizer

April 21, 2026

Do You Need a Third-Party Antivirus for Windows 11? Here’s What Microsoft Says

Microsoft states that the built-in security features of Windows 11 are adequate for most users, suggesting that third-party antivirus solutions may not be necessary. However, there are scenarios where third-party antivirus software can be beneficial, especially due to recent vulnerabilities in Defender. Independent testing organizations have rated Defender highly, with AV-Test placing it among the top antivirus solutions and AV-Comparatives awarding it the Advanced+ badge. Microsoft emphasizes that Defender runs continuously as part of Windows and receives updates through Windows Update, ensuring automatic protection. The company advises that additional security software may be useful for users managing multiple devices or seeking specific features like identity monitoring or parental controls. Safe computing habits are also recommended to enhance security.

Winsage

April 20, 2026

“The vault is solid, the delivery truck is not” — strong key storage, shaky transfer: why this Windows Recall feature raises new security questions

Windows Recall, an AI-driven tool by Microsoft designed to capture and analyze users' screen content, was initially unveiled in 2024 but faced a delayed rollout due to significant security concerns. It launched in April 2025 with enhanced security features, including isolation within a "VBS Enclave" to protect against third-party access and filtering out sensitive information. However, security researcher Alexander Hagenah identified a flaw where data is transmitted to a less secure process, d AIXHost.exe, allowing tools like TotalRecall Reloaded to access sensitive data without administrative privileges. Despite reporting this vulnerability, Microsoft deemed it "not a vulnerability" and has not planned significant fixes. In response to user backlash, Microsoft is reassessing its AI initiatives, including Windows Recall, while privacy-focused organizations have introduced features to block the tool. Experts are calling for improved security protocols and user opt-out options.

AppWizard

April 17, 2026

New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps

Cybersecurity researchers from Zimperium zLabs have identified four families of Android malware—RecruitRat, SaferRat, Astrinox, and Massiv—targeting banking and cryptocurrency applications. These malware families can extract sensitive information from over 800 applications. They primarily use phishing and smishing to lure users into downloading malicious software. Phishing involves creating fake websites resembling legitimate login pages, while smishing uses urgent text messages with links to download harmful payloads. RecruitRat targets job seekers with fake employment websites, and SaferRat promises free access to premium video services. Astrinox mimics a business tool and has been linked to a fraudulent Apple App Store page, while Massiv's distribution methods remain unclear. Once installed, these malware applications initiate Overlay attacks, displaying counterfeit screens to capture user credentials. They also use a "blindfold" technique to obscure their activities by overlaying static images on the user's screen. The malware can intercept security codes, capture one-time passwords, and employ keylogging techniques. RecruitRat has a library of over 700 counterfeit login pages that activate with targeted apps. Researchers recommend avoiding links in urgent messages and downloading apps only from official sources.

Tech Optimizer

April 15, 2026

Bitdefender Total Security

Bitdefender Total Security includes features such as a network security inspector, advanced ransomware defense, a hardened browser, and an active Do Not Track system. It offers a two-tier pricing model: an individual subscription for .99 per year for five licenses and a family subscription for .99 for 25 licenses, which includes parental controls. The software features an interface similar to Bitdefender Antivirus Plus, with user-configurable buttons for quick access to features. It boasts high scores from independent antivirus testing labs and excels in malware protection and antiphishing tests. Bitdefender includes a SecurePass password manager, firewall protection, spam filtering, webcam protection, and cryptomining protection. The parental control features allow parents to manage their children's online activities, but they may not be as effective as dedicated solutions. Bitdefender Total Security provides protection for macOS and Android, with high ratings for its performance on these platforms. The Android app includes malware scanning, web protection, and anti-theft features. The Bitdefender Central app allows users to manage their security settings from mobile devices.

Tech Optimizer

April 15, 2026

Malware Is Scary. Here’s CNET’s Guide to Cleaning an Infected Laptop

88% of U.S. adults with laptops have taken measures against potential malware in the past year. Among those who encountered malware, 60% manually deleted the file or closed the offending website, while 35% initiated an anti-malware scan. Recommended steps for responding to a malware infection include disconnecting the device from Wi-Fi, connecting to a guest network, using antivirus software to remove the threat, and performing a factory reset or wiping the hard drive if necessary. It is advised to run at least two different antivirus programs to ensure comprehensive protection and to avoid restoring data from backups that may harbor malware.

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.