Microsoft has announced its intention to phase out support for the password management feature in the popular Microsoft Authenticator app, starting in the summer of 2025.
This decision comes at a time when cyberattacks targeting passwords are experiencing an unprecedented increase. The company's statistics reveal that it intercepts approximately 7,000 password attacks every second, double the number recorded just one year ago.
The app, which has been downloaded more than 100 million times on the Google Play Store alone, will undergo significant changes starting this month, with the introduction of a ban on adding new passwords. The changes will be followed by the removal of the autofill feature in July, along with the deletion of all stored payment data. Finally, the complete removal of access to saved passwords will be implemented in August of the same year.
These gradual steps are intended to allow users enough time to sort out their situations and move to the proposed alternatives.
Behind this bold decision is a new security philosophy that Microsoft considers imperative in the face of an evolving threat landscape. Data indicates a staggering 146% increase in phishing attacks to steal credentials.
The company, which describes the era of traditional passwords as "in its final days," is pushing hard for the adoption of "passkeys" as a more secure alternative, allowing users to log in using fingerprint, facial recognition, or a PIN, while avoiding the vulnerabilities inherent in traditional passwords.
There are currently two main options for users interested in keeping their passwords stored in the app: the first is to switch to the Edge browser, which offers a similar password management service, and the second is to export the data to another password management app.
However, Microsoft warns that this export process will temporarily render the data unencrypted, requiring the export file to be deleted immediately after the transfer to protect the information from potential breaches.
This transition is not without challenges, as it will permanently delete all passwords generated through the app and not saved elsewhere after August 2025. While the app will retain its core two-step verification functionality, this move represents a major turning point in the company's digital identity management policies, presenting users with crucial choices that require swift action to avoid any disruption to their digital services in the near future.
