Microsoft Authenticator to Drop Password Storage
Users of Microsoft Authenticator have just a few weeks to move passwords away from the tool. From August, 2025, passwords will be inaccessible and in some cases deleted.
Microsoft Authenticator is an app with a range of security features. A key one is as a two-factor authentication tool for websites. In simple terms, the website asks Microsoft to verify somebody's identity, the users does so in the app (for example with a fingerprint scan), and then Microsoft confirms the user is who they say there are. This means the website doesn't have to store login details for the user.
Authenticator also has some password features such as generating, storing and autofilling passwords, very like a password manager tool. Microsoft is now removing this feature as part of its overall strategy of moving away from passwords. It says that ironically this trend across the tech industry is making passwords riskier as hackers are stepping up password-based attacks while they still have time to do so.
Autofill Removal
The change to Authenticator is coming in three stages. The first has already taken effect and means users can no longer save a new password in the app.
The second takes effect in July and means users will no longer be able to use autofill. That will significantly reduce the usefulness of the tool. Stored payment details such as card numbers will also be deleted.
In August, Microsoft will make saved passwords inaccessible in Authenticator. In some cases the password will simply be hidden but in cases where Authenticator generated the password, it will be completely deleted. (Source: techradar.com)
Edge Transfer Suggested
Microsoft advises users switch to using Edge as their password management tool. That involves installing the Edge app on a mobile device and then setting it as the default app for autofill in the device's settings tool.
Saved passwords created by the user are transferable, though users will first need to add any passwords generated by Authenticator. The passwords should transfer automatically to Edge through Microsoft account syncing.
For other password management tools, users can go to "Settings > Export Passwords" in Authenticator to create a CSV format file that they can transfer to another tool. This file will be unencrypted so users should delete it as soon as the export/import process is complete. (Source: lifehacker.com)
What's Your Opinion?
Do you use Microsoft Authenticator to manage passwords? Is Microsoft right to remove this feature? What's your preferred way to keep track of passwords and other login details?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Brilliant Move
Good move by Microsoft to funnel more users to the Edge browser. As far as I'm concerned, Edge is just Microsoft's spyware browser to further help them tap into the data collection business that Google has dominated for so long with the Chrome browser. Long live Firefox!
Can I still Use my fingerprint to login?
As long as I can still use my fingerprint to login to an app I'm ok with this
Looks that way
Based on the techradar article it says that autofill passwords would be removed. So I would think that fingerprint would still work. According to ChatGPT, Biometric data (fingerprint) is used to: Unlock the Authenticator app (if app protection is enabled), Approve passwordless sign-ins, and Confirm two-factor prompts (2FA / MFA). None of that has anything to do with autofilling passwords. I've only used MS Authenticator for 2FA and had no idea it did anything other than that.
Microsoft Authenticator
Never used Microsoft Authenticator or intend to, or programs like it, unless forced to do so, cant stand this secret squirrel stuff for accounts that do not use banking and other things that are a security risk!