Microsoft has announced a major shift in its authentication strategy, confirming that the Microsoft Authenticator app will discontinue its password autofill and storage features starting July 2025.
After August 1, 2025, all saved passwords will be permanently deleted from the app.
This move is part of Microsoft’s broader plan to consolidate password management within the Microsoft Edge browser, which will become the exclusive platform for storing and using saved credentials.
Users will no longer be able to add or import new passwords into the Authenticator app beginning June 2025.
While autofill functionality will remain available throughout July, it will be fully disabled by August, and any payment information stored in Authenticator will also be deleted from devices.
Microsoft recommends that users export their passwords from Authenticator and import them into Edge or another dedicated password manager before the deadline.
Transitioning to Passwordless Authentication
This change is a significant step in Microsoft’s ongoing push towards a passwordless future.
The company is advocating for passkeys—biometric and device-bound credentials—as a more secure alternative to traditional passwords, which are susceptible to phishing and credential theft.
Passwordless authentication leverages technologies like biometrics (fingerprint or face recognition), FIDO2 security keys, and one-time password (OTP) codes generated by apps or delivered via SMS/email.
For users and organizations, enabling passwordless sign-in with Microsoft Authenticator involves configuring settings in Azure Active Directory, such as number matching (code matching) and contextual notifications that display the requesting app and location.
This enhances security by ensuring users can verify the legitimacy of authentication requests.
Technical Guidance:
Developers and IT administrators can interact with Microsoft Authenticator methods programmatically using the Microsoft Graph API.
For example, to list a user’s registered Authenticator methods, the following HTTP request can be used:
```text
GET https://graph.microsoft.com/v1.0/users/{userPrincipalName}/authentication/microsoftAuthenticatorMethods
```
A successful response will return details such as device name, app version, and registration date.
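The request above and a review of its response, as an added example that is not Microsoft's or the original article's code: it builds the GET request without sending it and summarizes a constructed sample response, flagging recently registered devices for an administrator to review. The property names (`displayName`, `phoneAppVersion`, `createdDateTime`) follow the Graph `microsoftAuthenticatorAuthenticationMethod` resource; the user names, token placeholder, sample values and the 7-day review window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote
from urllib.request import Request

GRAPH = "https://graph.microsoft.com/v1.0"

def build_list_request(upn: str, access_token: str) -> Request:
    """Build (but do not send) the GET request for a user's Authenticator methods."""
    # Guest UPNs contain '#', which must be percent-encoded in the URL path.
    url = f"{GRAPH}/users/{quote(upn, safe='@')}/authentication/microsoftAuthenticatorMethods"
    return Request(url, headers={"Authorization": f"Bearer {access_token}"})

def summarize(payload: dict, now: datetime, recent_days: int = 7) -> list:
    """Return one row per registered device; 'recent' marks new registrations."""
    cutoff = now - timedelta(days=recent_days)
    rows = []
    for method in payload.get("value", []):
        created = method.get("createdDateTime")  # may be absent or null
        created_dt = (datetime.fromisoformat(created.replace("Z", "+00:00"))
                      if created else None)
        rows.append({
            "device": method.get("displayName"),
            "app_version": method.get("phoneAppVersion"),
            "registered": created,
            "recent": created_dt is not None and created_dt >= cutoff,
        })
    return rows

# Constructed sample response (not real data), shaped like a Graph collection.
SAMPLE = json.loads("""
{"value": [
  {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Pixel 8",
   "phoneAppVersion": "6.2401.0119", "createdDateTime": "2024-01-10T08:00:00Z"},
  {"id": "00000000-0000-0000-0000-000000000002", "displayName": "iPhone 15",
   "phoneAppVersion": "6.8.12", "createdDateTime": "2025-06-28T09:15:00Z"}
]}
""")

if __name__ == "__main__":
    req = build_list_request("alice@contoso.example", "<ACCESS_TOKEN>")
    print(req.get_method(), req.full_url)
    for row in summarize(SAMPLE, now=datetime(2025, 7, 1, tzinfo=timezone.utc)):
        print(row)
```

A registration flagged as recent is not malicious by itself; it is a prompt to confirm with the user that they enrolled that device.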
For application developers, Microsoft provides code samples and libraries (e.g., MSAL.js, MSAL.NET) to implement secure authentication flows, including OAuth 2.0 Authorization Code with PKCE and On-Behalf-Of (OBO) patterns, in popular frameworks like React, Angular, ASP.NET, and Node.js.
These resources help ensure a smooth transition to passwordless and multi-factor authentication scenarios.
Key Takeaways for Users and Organizations
- Export passwords from Authenticator before August 2025 to avoid data loss.
- Switch to Microsoft Edge or another password manager for autofill and password storage.
- Enable passkeys and passwordless authentication for enhanced security.
- IT admins should update authentication policies and educate users about the transition.
This transition marks a pivotal moment in digital security, emphasizing stronger, phishing-resistant authentication methods and a move away from vulnerable password-based systems.