Particle.news

Download on the App Store

Microsoft Authenticator to Delete Stored Passwords and Mandate Passkeys

Users must set up biometric passkeys or export credentials to Edge or a third-party manager before the August 1 deadline

Image
FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash. (AP Photo/Jason Redmond, File)
microsoft authenticator logo with a phone in front view
Image

Overview

  • Starting August 1, Microsoft Authenticator will remove all stored passwords and disable its in-app autofill feature.
  • Users are required to configure FIDO-compliant passkeys secured by biometrics or PINs within Authenticator to continue logging into supported services.
  • Passwords deleted from the app will remain synced to users’ Microsoft accounts and can be accessed via the Edge browser or exported to other password managers.
  • Microsoft cited a surge to 7,000 password attack attempts per second in 2024 as the key security rationale for transitioning to phishing-resistant passkeys.
  • Because many websites and legacy systems still rely on traditional passwords, users and organizations will navigate a hybrid environment of passwords and passkeys for the foreseeable future.