In a significant shift for its user base, Microsoft has announced that it will phase out the password storage and autofill feature from its Microsoft Authenticator app, starting in June 2025. This decision marks a strategic move by the tech giant to streamline password management and enhance security measures by directing users toward its Edge browser for password handling.
The changes will unfold in three key phases. Beginning June 1, 2025, users will no longer be able to save new passwords within the Authenticator app. Then, in July, the autofill feature, which allows users to automatically fill in their login credentials on websites and apps, will be discontinued. Finally, by August 2025, any saved passwords will become inaccessible in the Authenticator app, and any unsaved generated passwords will be deleted.
Microsoft's announcement has raised eyebrows among users who have relied on the Authenticator app not only for two-factor authentication (2FA) but also for password management. The Authenticator app has been positioned as a dual-purpose tool, providing both security features and a means to store passwords securely across devices.
“After July 2025, any payment information stored in Authenticator will be deleted from your device,” Microsoft stated, emphasizing the importance of transitioning to its Edge browser for continued access to password management. “Your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, allowing you to continue enjoying seamless autofill functionality with Microsoft Edge.”
As part of this transition, Microsoft is encouraging users to embrace the password management capabilities of the Edge browser, which integrates password storage and autofill features. The company has assured users that their saved passwords will remain accessible through Edge, thus minimizing disruption.
In a broader context, the move aligns with Microsoft’s commitment to enhancing security by promoting the use of passkeys. Passkeys, which have been in development since 2012 under the FIDO Alliance, offer a more secure alternative to traditional passwords. Unlike passwords, which can be easily guessed or compromised, passkeys use a unique public-private key pair that makes them nearly impossible for hackers to intercept.
Steve Won, chief product manager at 1Password, elaborates on the security of passkeys, stating, “Every passkey is made up of two keys—a unique public key, which is created and stored on that company’s server, and a private key, which is stored on the user’s device.” This structure ensures that passkeys cannot be reused or leaked online, providing a robust defense against cyber threats.
Microsoft's decision to phase out password storage in the Authenticator app has not been without its critics. Some users have expressed frustration, with comments surfacing on social media platforms like X (formerly Twitter). One user lamented, “Microsoft is really all in on screwing over their customers,” while another remarked, “So I should just get rid of Microsoft Authenticator app and never dare rely on another Microsoft product. Got it.”
Despite the backlash, Microsoft maintains that this transition is necessary to combat the rising tide of password-related attacks. Sangeeta Ranjit and Scott Bingham from Microsoft’s identity and access management team emphasized, “There’s no doubt about it, the password era is ending. Bad actors know it, which is why they’re desperately accelerating password-related attacks while they still can.”
For users of Windows 11, the transition to passkeys and the Edge browser will be seamless. Katherine Holdsworth, a partner group product manager at Microsoft, noted that users will be prompted to select how they want to save their passkeys when navigating to a website that supports them. This integration will allow users to utilize the same passkey on Windows 11 that they’ve created on their mobile devices.
However, users who have relied on the Authenticator app for password management are advised to export their information before the complete phase-out in August 2025. Microsoft has made it clear that any generated passwords not saved will be deleted after that date, underscoring the urgency for users to take action.
As Microsoft shifts its focus from the Authenticator app to the Edge browser for password management, the company is also positioning itself at the forefront of a broader industry trend toward passwordless authentication. This move reflects a growing recognition that traditional passwords are increasingly inadequate for securing online accounts.
Chris Hauk, a Consumer Privacy Advocate at Pixel Privacy, highlighted the limitations of passwords, stating, “Passwords are both hard to remember and in most cases, easy to guess.” He noted that passkeys offer several advantages, including the elimination of the need to enter an email address and password to log in, making it especially convenient for users on mobile devices.
In conclusion, Microsoft’s decision to discontinue password storage and autofill features in the Authenticator app is part of a larger strategy to enhance security and streamline user experience. As the company pushes toward a passwordless future, users are encouraged to adapt to these changes by transitioning to the Edge browser and embracing the use of passkeys. The landscape of online security is evolving, and staying informed about these changes is crucial for maintaining secure access to digital accounts.
