Latest news with #passkeys
Forbes
a day ago
- Forbes
Microsoft Deadline—72 Hours To Stop Using Your Passwords
Do not leave this too late. 'The 'password era is ending,' Microsoft has warned its billion users, confirming that it wants all those users to delete their passwords given that account attacks are now surging. As part of this change, a 72 hour deadline means you must act now. On the surface, Microsoft's decision to delete any passwords you have stored in its Authenticator app is straightforward. 'You can continue to access them,' it says, 'with Microsoft Edge, a secure and user-friendly AI-powered web browser.' The Authenticator app 'will continue to support passkeys,' which has been overlooked as the password deletion warning has grabbed the headlines. Microsoft doesn't want you to move your passwords, it wants you to replace them with passkeys where you can. So don't move your passwords, stop using them use passkeys instead. Just as with Google's warning to Gmail users, Amazon's warning to Prime users, and Microsoft's own warning to all its users, this is the time to make that change. All these major providers support passkeys, and you should add them now. 'If you have set up Passkeys for your Microsoft Account,' you must 'ensure that Authenticator remains enabled as your Passkey Provider. Disabling Authenticator will disable your passkeys.' Microsoft has already killed its autofill password capability. So while some of your passwords cannot be replaced with passkeys and need to be moved, where accounts do support passkeys, you should take this opportunity to stop using those passwords and upgrade the security on the accounts instead. And before blindly moving passwords to Edge, you should also bear in mind the security risks in using browser-based passwords managers. A standalone app is best, ensuring a fire-gap between the websites you visit and the passwords you have saved. 'While enrolling passkeys is an important step,' Microsoft says, 'it's just the beginning. Even if we get our more than one billion users to enroll and use passkeys, if a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing. Our ultimate goal is to remove passwords completely and have accounts that only support phishing-resistant credentials.'
The Sun
4 days ago
- The Sun
Last chance before millions of passwords are forgotten FOREVER from popular app feature
PASSWORDS will no longer be accessible from a popular mobile app in days as a handy feature is discontinued by Microsoft. 1 Users have already been blocked from adding new passwords in June. Then in July the ability to autofill with Microsoft Authenticator was disabled. But August marks the biggest change of all, with passwords no longer accessible at all in the app. Microsoft hasn't given an exact date but said "from August", so it could end as soon as this week. Passwords won't be lost entirely, instead you'll have to get them via Microsoft Edge. However, the firm says "any generated passwords not saved will be deleted". An alert in the app currently warns: "To keep autofilling your info, please take action now." Despite the move, Microsoft Authenticator isn't closing down. It will still function as its main purpose for two-factor authentication and passkeys. The decision comes as tech giants shift away from the aged password which are easily hacked, due to common mistakes like re-used passwords or easily guessed terms. By comparison, passkeys can't be guessed and they're impossible to re-use too. SHOULD I SWITCH TO PASSKEYS? Here's what security expert Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, told The Sun... 'Passwords are both hard to remember and in most cases, easy to guess. "I would venture to say that most users (especially older users) will reuse passwords, simply because of all of the websites and apps that require sign-ins. "While password managers do help, they are at best, a stopgap measure and do not offer full-ranging security for your login information. "Passkeys offer the advantage of eliminating the need to enter an email address and password to log in. "This is especially handy when users are logging in on an iPhone or Android device. "Passkeys have multiple advantages over passwords. Passkeys cannot be shared or guessed. "Passkeys are unique to the website or app they are created for, so they cannot be used to login elsewhere like a reused password can. "Plus, passkeys cannot be stolen in a data breach, as the passkeys are not stored on the company's servers. "But are instead are a private key stored only on your device, where biometric authentication (like face ID or Touch ID) is required to use the passkey.' Image credit: Getty
CNET
4 days ago
- CNET
Time's Almost Up: Microsoft Will Delete Your Passwords on Aug. 1. What to Do ASAP
If you use Microsoft Authenticator to manage your passwords, the clock is ticking. On Aug. 1, the app won't store or manage your passwords anymore. That means you won't be able to save passwords or use two-factor authentication or auto-fill. And if the Authenticator app was your go-to password manager, you'll need to find a new one. Microsoft is moving to a login method we're becoming more familiar with: passkeys. Instead of a mix of letters, symbols and numbers, you'll use PINs, fingerprint scans, facial recognition or a pattern on your device's lock screen to log in to your accounts. Attila Tomaschek, a CNET software senior writer and digital security expert, believes it's a safer option compared with the risky password practices we use. By the numbers, 49% of US adults have bad password habits, according to a CNET survey. Having a password you use for several accounts or that's easy to guess can put you at risk of hackers stealing your data. There's less than a week before the big switch. So it's time to figure out how passkeys will work with Microsoft and to pick a new password manager. Here's what you need to know to get started. Microsoft Authenticator will stop supporting passwords on Aug. 1 Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator. As of this month, you won't be able to use the autofill password function. And next month, you'll no longer be able to use saved passwords. If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. "Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts," Tomaschek said. Why passkeys are a better alternative to passwords So what exactly is a passkey? It's a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That's generally safer than using a password that is easy to guess or susceptible to a phishing attack. "Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks," said Tomaschek. Passkeys aren't stored on servers like passwords. Instead, they're stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager. How to set up a passkey in Microsoft Authenticator Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. "If you have a password and 'one-time code' set up on your account, we'll prompt you to sign in with your one-time code instead of your password. After you're signed in, you'll be prompted to enroll a passkey. Then the next time you sign in, you'll be prompted to sign in with your passkey," according to the blog post. To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select "Set up a passkey." You'll be prompted to log in with your existing credentials. After you're logged in, you can set up the passkey. Other password manager alternatives Since Microsoft will get rid of all of your passwords in two weeks, you'll need a new place to store your passwords safely. Tomaschek has a few of the best password manager recommendations after testing and reviewing several. The top recommendation is Bitwarden for its transparency. It's open-source and audited annually. From a price perspective, the free plan lets you store infinite passwords across unlimited devices. The free plan also includes features most password managers would charge for, including password sharing and a username and password generator. Bitwarden's upgraded plans have other upgraded features that could be worth the cost, too. Personally, Tomaschek has been using 1Password for a while, and he likes the interface and family plan. Even though it's second on the list, Tomaschek says it's just as good as Bitwarden.
CNET
22-07-2025
- CNET
MIcrosoft Will Wipe Out Your Passwords on Aug. 1. What to Do Now
Microsoft is getting rid of passwords in less than two weeks. On Aug. 1, the Microsoft Authenticator app will no longer store or manage passwords, which could be a problem for a lot of users. Microsoft Authenticator has been one of the best password managers for years. You were able to save passwords, enable two-factor authentication and auto-fill. The change means that if you're using the Authenticator app as a password manager, you'll need to look for another option soon. And on Aug. 1, Microsoft will move to passkeys instead. Using a passkey as a login means you'll use PINs, fingerprint scans, facial recognition or pattern using a device's lock screen. It's a safer option compared to the risky password habits that 49% of US adults have, based on a CNET survey. If you've been using Authenticator, now's the time to start making changes. Here's what to know about the switch and the best password managers CNET recommends. When will Microsoft Authenticator stop supporting passwords? Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator. Starting this month, you won't be able to use the autofill password function. And next month, you'll no longer be able to use saved passwords. If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. "Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts," Tomaschek said. Why are passkeys a better alternative to passwords? So what exactly is a passkey? It's a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That's generally safer than using a password that is easy to guess or susceptible to a phishing attack. "Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks," said Attila Tomaschek, CNET's software senior writer and digital security expert. Passkeys aren't stored on servers like passwords. Instead, they're stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager. How to set up a passkey in Microsoft Authenticator Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. "If you have a password and 'one-time code' set up on your account, we'll prompt you to sign in with your one-time code instead of your password. After you're signed in, you'll be prompted to enroll a passkey. Then the next time you sign in, you'll be prompted to sign in with your passkey," according to the blog post. To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select "Set up a passkey." You'll be prompted to log in with your existing credentials. After you're logged in, you can set up the passkey. Other password manager alternatives Since Microsoft will get rid of all of your passwords in two weeks, you'll need a new place to store your passwords safely. Tomaschek has a few of the best password manager recommendations after testing and reviewing several. The top recommendation is Bitwarden for its transparency. It's open-source and audited annually. From a price perspective, the free plan lets you store infinite passwords across unlimited devices. The free plan also includes features most password managers would charge for, including password sharing and a username and password generator. Bitwarden's upgraded plans have other upgraded features that could be worth the cost, too. Personally, Tomaschek has been using 1Password for a while, and he likes the interface and family plan. Even though it's second on the list, Tomaschek says it's just as good as Bitwarden.
CNET
21-07-2025
- CNET
Microsoft Will Erase Your Passwords on Aug.1: Do This ASAP
As of Aug. 1, Microsoft will be deleting passwords from its Authenticator app. This means that passwords stored there will no longer be accessible, which could be a problem for a lot of users. Microsoft Authenticator has been one of the best password managers for years, offering options for saved passwords, two-factor authentication and auto-fill. However in just a few short days, all of that is going away as Microsoft moves to passkeys instead. This means that logins will move from remembering specific passwords, to using PINs, fingerprint scans, facial recognition or pattern using a device's lock screen. Using a passkey can make your account safer, and it's a move I'm excited about. I recently uncovered that 49% of US adults have risky password habits that can open the door to scammers getting access to your sensitive data. If you're a fan of Authenticator and not sure where to start before the switch, here are other password managers CNET recommends and steps you should take before August. When will Microsoft Authenticator stop supporting passwords? Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator. Starting this month, you won't be able to use the autofill password function. And next month, you'll no longer be able to use saved passwords. If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. "Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts," Tomaschek said. Why are passkeys a better alternative to passwords? So what exactly is a passkey? It's a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That's generally safer than using a password that is easy to guess or susceptible to a phishing attack. "Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks," said Attila Tomaschek, CNET's software senior writer and digital security expert. Passkeys aren't stored on servers like passwords. Instead, they're stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager. How to set up a passkey in Microsoft Authenticator Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. "If you have a password and 'one-time code' set up on your account, we'll prompt you to sign in with your one-time code instead of your password. After you're signed in, you'll be prompted to enroll a passkey. Then the next time you sign in, you'll be prompted to sign in with your passkey," according to the blog post. To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select "Set up a passkey." You'll be prompted to log in with your existing credentials. After you're logged in, you can set up the passkey. Other password manager alternatives Since Microsoft will get rid of all of your passwords in two weeks, you'll need a new place to store your passwords safely. Tomaschek has a few of the best password manager recommendations after testing and reviewing several. The top recommendation is Bitwarden for its transparency. It's open-source and audited annually. From a price perspective, the free plan lets you store infinite passwords across unlimited devices. The free plan also includes features most password managers would charge for, including password sharing and a username and password generator. Bitwarden's upgraded plans have other upgraded features that could be worth the cost, too. Personally, Tomaschek has been using 1Password for a while, and he likes the interface and family plan. Even though it's second on the list, Tomaschek says it's just as good as Bitwarden.
