Microsoft is phasing out password support in its Authenticator app, transitioning users to passkeys by August 2025 to enhance digital security.
Beginning this month, Microsoft Authenticator will no longer support autofill password functionality. The most significant change will occur in August 2025, when all previously saved passwords within the Authenticator application will become inaccessible. Users will instead be required to utilize passkeys, which include authentication methods such as PINs, fingerprints, or facial recognition.
Attila Tomaschek, CNET‘s software senior writer and digital security expert, stated that passkeys offer a more secure alternative to traditional passwords. This transition addresses common password vulnerabilities, particularly given that 49% of US adults exhibit risky password habits, according to a recent CNET survey. Tomaschek emphasized, “Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks.” He further explained that passkeys leverage public key cryptography for user authentication, thereby eliminating reliance on user-generated passwords, which are frequently weak or reused across multiple accounts.
These passwords get you hacked: 15 rules to follow
The Microsoft Authenticator application previously facilitated password storage and sign-in to Microsoft accounts using biometric data or a PIN, including Windows Hello for facial recognition or fingerprint scanning. It also functioned for identity verification during password recovery and for two-factor authentication, adding an additional security layer for Microsoft accounts. As of June, Microsoft ceased allowing users to add new passwords to Authenticator. The company’s implementation timeline indicates that by July 2025, the autofill password function will be disabled, and by August 2025, saved passwords will no longer be usable within the application.
Users who prefer to retain password usage, rather than adopting passkeys, have the option to store them within Microsoft Edge. However, CNET experts recommend the adoption of passkeys during this transition period. Passkeys are credentials developed by the Fast Identity Online Alliance. They utilize biometric data or a PIN to verify user identity and grant account access, similar to using a fingerprint or Face ID for login. Passkeys offer enhanced security compared to passwords, which are susceptible to guessing or phishing attempts. Unlike passwords, passkeys are not stored on servers; they reside exclusively on the user’s personal device, eliminating the need for password memorization or a separate password manager.
Microsoft detailed its passkey setup process in a May 1 blog post. The system will automatically detect and suggest the most suitable passkey for setup, designating it as the default sign-in option. If an account is configured with both a password and a one-time code, users will initially be prompted to sign in with the one-time code. Following successful sign-in, the system will prompt users to enroll a passkey. Subsequent sign-ins will then utilize the newly enrolled passkey. To manually set up a new passkey, users can open the Authenticator app on their phone, select their account, and tap “Set up a passkey.” The process requires logging in with existing credentials before the passkey can be configured.
