Starting in August, Microsoft will eliminate the storage of saved passwords in its Authenticator app, transitioning to the use of passkeys. This change follows a concerning report indicating that nearly half of adults in the U.S. engage in risky password behaviors, such as reusing passwords across various accounts. The decision to favor passkeys over passwords is seen as a significant step towards enhancing online security, especially considering the vulnerabilities associated with traditional passwords, including their susceptibility to phishing and brute-force attacks. For users who still prefer to store passwords, Microsoft Edge will remain an option, albeit with different access procedures.
Microsoft Authenticator serves multiple purposes, from housing passwords to providing biometric sign-ins through features like facial recognition and fingerprints. However, effective June, Microsoft ceased allowing users to add new passwords to Authenticator, with a timeline for the complete removal of password support continuing until August 2025, when saved passwords will no longer be accessible. This transition period gives users a clear indication of the impending changes and encourages early adoption of the more secure passkey system.
Passkeys, defined by the Fast Identity Online Alliance, are a modern authentication method that facilitates account access through biometric verification or PIN usage. Unlike passwords—which can be easily cracked—passkeys enhance security by requiring both a public and a locally stored private key, significantly reducing the risks of phishing and credential stuffing attacks. Notably, passkeys are stored only on personal devices and eliminate the need for password memory or management tools.
To facilitate this change, Microsoft has made provisions for users to easily transition to passkeys. A blog post announced that upon logging in with existing credentials, users will be prompted to enroll a passkey automatically, making it the default method for subsequent logins. This user-friendly approach is intended to simplify the transition process and ensure that users are promptly converted to the safer passkey system.
Setting up a passkey in the Microsoft Authenticator involves a straightforward procedure. Users simply need to open the app, select their account, and choose the “Set up a passkey” option. After logging in with existing credentials, they can successfully register a passkey, which will enhance their security while removing the hassle of password management.
Overall, Microsoft’s shift towards passkeys represents a proactive approach in aiding user security by reducing reliance on traditional passwords, which are often weak and compromised. This transition not only aligns with the growing concerns around cybersecurity but also encourages users to adopt safer digital habits moving forward. Embracing passkeys is set to be the next new standard in secure authentication, promoting a more secure online environment for all users.
