Saved passwords will no longer be accessible in Authenticator.
This is the last day that Microsoft Authenticator app will manage passwords as the company moves users away from passwords to passkeys.
As of tomorrow, saved passwords will no longer be accessible in Authenticator after the option to autofill with Authenticator was removed in July.
According to a Microsoft Support blog, from August 2025 any saved passwords will no longer be accessible in Authenticator, and any generated passwords not saved will be deleted.
Steven Furnell, IEEE senior member and professor of cybersecurity at the University of Nottingham said that as the authentication landscape has evolved, we now have better options available across many devices and services, with password managers, passkeys and biometrics all playing their part in reducing the burden and improving protection.
“While we are seeing a shift towards a passwordless future, this transition will take some time. Many organisations have only recently moved to multifactor authentication (MFA) and so will have less desire or incentive to develop other technologies like passkeys, even if doing so could improve user experience,” he said.
Gradual Transformation
Darren Guccione, CEO and co-founder of Keeper Security, said that rather than heralding a drastic sea-change, Microsoft’s decision arrives amid a more gradual transformation, one that is still very much in progress.
“Solutions that can generate and secure traditional passwords remain critical for individuals and organisations alike – even as passwordless authentication becomes more widely adopted across digital systems,” he said.
“The solution lies in strategic layering. Businesses should prioritise deploying passkeys in high-security areas, such as privileged access and customer data, while ensuring that any remaining passwords are strong, unique and encrypted.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
