Latest news with #AuthenticatorApp
Forbes
4 days ago
- Forbes
Microsoft's Critical Password Warning — Users Have 5 Days To Act
Unsaved Microsoft Authenticator passwords will be deletd on August 1. Passwords: You can't live without them, despite the advance of passkey technology, but unless you act before August 1, the passwords you have generated using Microsoft's Authenticator app will be deleted. Yes, deleted. This should not come as a surprise, not least as Microsoft has been warning users for the longest time of the password changes to come: In June no new passwords could be added to the app, during July the autofill feature ceased to work and, in just five days time on August 1, your saved passwords won't be accessible via the app anymore. All of this, seemingly in the name of better security, and with password hacking such a cyber-epidemic, that might not be a bad thing. Or at least it wouldn't be if I actually believed that to be the case. Here's what you need to know and do. Microsoft Passwords Deadline — What You Need To Know The whole password deletion and usage debate revolves around one simple act: Microsoft has decided to discontinue the autofill function of the Microsoft Authenticator app as part of an update to streamline the process 'so you can use saved passwords easily across devices.' The reasoning behind this seems, dare I say, a little spurious to me. After all, Microsoft readily admits that 'autofill in Microsoft Authenticator has been a way to securely store and autofill passwords on apps and websites you visit on your phone,' and that hasn't changed. What has changed is the desire to get users to move to the more secure passkey technology and, perhaps more pertinently, to move to the Microsoft Edge web browser. There's nothing wrong with the password management functionality of the Edge browser, nor the Chrome browser, nor most any browser. From my perspective, however, a dedicated password manager app is a much better option when it comes to password security and management. Removing that option, unless you have set up passkeys for your Microsoft Account as Authenticator will still support these and disabling Authenticator in these circumstances will disable your passkeys, just serves to complicate matters. As the whole passkeys thing I've just mentioned goes to prove. How convoluted is it all? Here's what Microsoft said: 'Your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.' Microsoft Passwords Deadline — What You Need To Do Before August 1 Let's start with the Edge browser requirement, which Microsoft has stated you are welcome to ignore and use a different provider, such as Google Password Manager, iCloud Keychain, or any other password management app. Microsoft said that once you set Microsoft as your default autofill provider on your phone, you will need to export passwords from Microsoft Authenticator and then import them into the new service. 'For security reasons, you will need to manually recreate your payment info,' Microsoft added. However, your time is fast running out to do this if you haven't already. Although your passwords that have already been saved in Microsoft Authenticator will be visible to Microsoft Edge, from August 1 they will no longer be accessible in the app and, therefore, you won't be able to export them anywhere. And, of course, any generated passwords that have not been saved from the app generator history into the saved passwords category will be deleted. If you are happy to use Edge as your password autofill provider, then Microsoft has easy-to-follow instructions on its support pages.
CNET
13-07-2025
- CNET
Microsoft Plans to Purge Passwords—Here's How to Protect Yours
Microsoft is moving closer to a password-free future, and if you're still using the Authenticator app to manage logins, big changes are coming fast. Starting Aug. 1, the app will no longer support passwords at all. This shift has already been in motion-new password creation was disabled in June, and autofill support was cut off in July. For years, Microsoft Authenticator was a go-to for managing both multi-factor authentication and saved passwords. But now, it's being refocused to support passkeys instead. That means your logins will soon rely more on things like PINs, fingerprint scans, or facial recognition-more secure, faster and harder to steal than a standard password. If you're still relying on Authenticator for password storage, it's time to move your data elsewhere before it disappears. Attila Tomaschek, CNET's software senior writer and digital security expert, said that's not a bad thing, though. "Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks," Tomaschek said. Passkeys get rid of the risky password habits practiced by 49% of US adults, like using the same password for multiple accounts or using personal hints, according to a CNET survey. However, those convenient hints can pose a bigger risk to scammers, identity theft and fraud. If you're a fan of Authenticator and not sure where to start before the switch, here's what you need to do before Microsoft's Aug. 1 move. When will Microsoft Authenticator stop supporting passwords? Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator. Starting this month, you won't be able to use the autofill password function. And next month, you'll no longer be able to use saved passwords. If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. "Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts," Tomaschek said. Why are passkeys a better alternative to passwords? So what exactly is a passkey? It's a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That's generally safer than using a password that is easy to guess or susceptible to a phishing attack. Passkeys aren't stored on servers like passwords. Instead, they're stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager. How to set up a passkey in Microsoft Authenticator Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. "If you have a password and 'one-time code' set up on your account, we'll prompt you to sign in with your one-time code instead of your password. After you're signed in, you'll be prompted to enroll a passkey. Then the next time you sign in, you'll be prompted to sign in with your passkey," according to the blog post. To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select "Set up a passkey." You'll be prompted to log in with your existing credentials. After you're logged in, you can set up the passkey.
