Microsoft announced that it will gradually retire password management capabilities (i.e., the ability for a user to use Microsoft Authenticator to import, remember, and fill in passwords in mobile browsers) in its Microsoft Authenticator application. Users cannot add new passwords and fill website forms with stored passwords, and starting August 1, 2025, all stored passwords will be no longer be accessible in the Authenticator app. Before August 1, 2025, users can manually export passwords (but not saved payment data) from the Authenticator app. This move will have three immediate effects:

  1. Further reduce user reliance on passwords. Because of phishing, decryption, cracking, snooping, keystroke logging, replay, and availability of passwords in the dark web, passwords’ value is converging to minimal to zero when it comes to preventing unauthorized access and protecting valuable data. This move should help users rely on passwords less and less, especially for any new account signups.
  2. Promote stronger passwordless authentication methods. FIDO Passkeys, internet backchannel-based push messages, and device-side one time password (OTP) generation are all stronger authentication methods than passwords. Removing password storage from Authenticator will require users to adopt stronger authentication methods, which is a good thing.
  3. Migrate password management to the Edge browser. To meaningfully compete with Google’s Chrome and Firefox’s built-in password managers, Microsoft is promoting its Edge browser to consumers and continues to offer password management within Edge. This may also allow Microsoft to exert greater influence on the user experience and, beyond the authentication flow control, also promote the use of its integrated Copilot genAI.

An unexpected side effect of the announcement will be renewed focus on independent password management solutions, such as 1Password, Keeper Security, Dashlane, KeePass, Bitwarden, and others. As these solutions can also manage and synchronize FIDO Passkeys across multiple operating systems and browser types, these tools may gain unexpected importance and adoption, keeping in mind that these password wallets remain a tempting honey pot for hackers.