Why Microsoft Is Phasing Out Passwords for Good

TL;DR

Microsoft is removing password support from its Authenticator app this summer. As of June, you haven’t been able to add new passwords; in July autofill stops working; and by August all saved passwords will be deleted. The replacement?

FIDO-based passkeys that are stored encrypted on your device and use biometrics / PIN for phishing-proof sign-ins.

The Password Problem

Passwords have been the backbone of online security for decades and the way we log into most of our work and online services like shopping sites, email, Snapchat etc. You name it.

But... they are a huge weak link and the primary way people and companies get hacked and online identities get stolen!

  • Microsoft reports that it sees password attacks in the realm of 7,000 attempts per second against Microsoft consumer accounts alone.
  • People reuse weak or memorable passwords across dozens of sites because strong, unique ones are hard to remember.
  • Password managers, whilst helpful, give hackers a single place to attack.
  • Phishing, brute-force and database leaks make passwords a persistent liability, and AI is increasing the number of attacks.

Microsoft’s stats show a sign-in success rate (getting a login correct with your password) of 32% for passwords, compared with 98% for passkeys: proof that passwords aren’t just less secure, they’re also more error-prone, while passkeys are easier to use once set up.

What Are Passkeys?

Passkeys are an evolution of authentication built on FIDO (Fast Identity Online) standards. Here’s what makes them different:

  • Stored only on your device, protected by your PIN and biometrics, and never on a central server.
  • Rely on biometrics (Face ID, fingerprint) or a local PIN. 
  • Immune to phishing and replay attacks because there’s no password to steal. 
  • Seamless: once set up, you tap or scan to log in anywhere passkeys are supported.
  • Easier to use since you don’t have to remember complex passwords.
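
How the "immune to phishing and replay" point plays out on the website's side, as an added example that is not from the original post or from Microsoft: a simplified WebAuthn-style sign-in check in Node.js. The example.com names, the key pair and the challenges are all constructed for illustration.

```javascript
// Added example: every origin, key and challenge below is constructed for illustration.
const nodeCrypto = require('crypto');

const RP_ID = 'login.example.com';              // hypothetical relying party ID
const RP_ORIGIN = 'https://login.example.com';  // the only origin the site accepts
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();

// Registration: the private key stays on the device, the site stores the public key.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Device side: sign the challenge together with the origin the browser reports.
function signAssertion(challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) || flags (UP|UV = 0x05) || 4-byte counter
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData,
           signature: nodeCrypto.sign('sha256', signed, privateKey) };
}

// Site side: challenges are random, single use, and removed on first sight.
const pending = new Set();
function issueChallenge() {
  const challenge = nodeCrypto.randomBytes(32);
  pending.add(challenge.toString('base64url'));
  return challenge;
}

function verifyAssertion({ clientDataJSON, authData, signature }) {
  const cd = JSON.parse(clientDataJSON.toString('utf8'));
  if (cd.type !== 'webauthn.get') return 'wrong type';
  if (!pending.delete(cd.challenge)) return 'unknown or replayed challenge';
  if (cd.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((authData[32] & 0x05) !== 0x05) return 'user not present or verified';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, signature)
    ? 'ok' : 'bad signature';
}
```

A sign-in made on the real origin verifies once; the same response sent a second time, or one signed while the browser was on a look-alike origin, is rejected, and rewriting the origin afterwards breaks the signature.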

Microsoft Authenticator Timeline

To ease the transition away from storing passwords and towards passkeys, Microsoft has shared the process, which started last month.

  • June 2025: Microsoft disabled the ability to add new passwords to Authenticator.
  • July 2025: Password autofill in Authenticator is disabled.
  • August 2025: All passwords saved in Authenticator are permanently deleted (export before then).

Keeping/Exporting your passwords.

If you want to export your passwords stored in Authenticator you can. These can then be imported into other password managers. To do this:

  • Open Authenticator
  • Go to Passwords, then Export.
  • Save the CSV file securely or import it into another password manager.
  • If you still rely on passwords, migrate them to Microsoft Edge’s built-in vault or a third-party manager like 1Password.

Start creating Passkeys.

  • Still in the Authenticator app or via your Microsoft account’s security settings, select Passkeys > Add new passkey.  
  • Follow the prompts to register with Face ID, fingerprint or PIN.

Update your accounts to use Passkeys

  • This is unfortunately a bit laborious, since you will need to visit each website or service that offers passkey login and link your new passkey.

Why go Passwordless.

There’s a heap of reasons once you’ve got past the process of creating Passkeys.

  • Stronger Security: No password to steal means it’s virtually impossible to phish or brute-force your credentials. 
  • Better Usability: Unlock with a quick biometric scan or PIN—no more juggling complex passwords. 
  • Future-Proof: Passkeys and the move to passwordless is backed by all major identity provider platforms (Microsoft, Cisco, Apple, Google, Amazon) and over 15 billion accounts already support them.
  • The industry is moving to passwordless: all the tech giants are moving this way to finally try to rid the world of passwords. Apple, Google and Amazon have also committed to a passwordless future. Whether it’s signing into an app, online banking or shopping, passkeys are becoming the universal standard.

Today, the use of passkeys is growing, but with the tech giants behind the phasing out of passwords, they will soon be the way we sign into all our online services.

Microsoft now lets you make your password more secure... by removing it completely!

Microsoft has made a giant leap forward in making your online world more secure by making passwords optional for personal MSA accounts like your personal Office 365 account/Hotmail etc.

It’s no secret that Microsoft is actively striving to make passwords a thing of the past by supporting passwordless accounts. Microsoft already supports passwordless sign-in for commercial Microsoft 365 users as well as personal (MSA) accounts, but is taking this a step further by allowing the password to be totally removed!

Beginning today, you can now completely remove the password from your Microsoft consumer account. Use Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favourite apps and services, such as Outlook, OneDrive, FamilySafety, and more.

Vasu Jakkal | CVP of Microsoft Security

How is passwordless more secure than MFA?

Firstly, Microsoft isn’t alone in its view here, with both Facebook and Google also starting to actively champion the “death of the password”, which is typically the weakest link in online account security since it’s often compromised, stolen or phished. Let’s face it, nobody likes passwords, as we have to create ever more complex and unique passwords, remember them, and change them frequently (and of course use different ones across different sites).

In a blog on the topic today, Microsoft said that they “have heard great feedback from our enterprise customers who have been on the passwordless journey with us. In fact, Microsoft itself is a great test case — nearly 100% of our employees use passwordless options to log in to their corporate account.”

Going Passwordless

In order to make your MSA account totally passwordless, you need to ensure you have and are using the Microsoft Authenticator app on your phone and ensure it’s set up to use Multi-Factor Authentication.

Once this is working, you can then go to https://account.microsoft.com, sign in, and then navigate to “Advanced Security Options”. Once here, you should now see a subsection called “Additional Security Options” where there will be a “Passwordless Account” option, which you can turn on.

Enabling Passwordless

It is unknown if or when Microsoft will remove passwords altogether, and at the moment you can still re-add a password for your Microsoft account if you want or need to.

Microsoft “Authenticator app” now lets users change their passwords directly from the app

The Microsoft Authenticator app on Android has been updated and now lets users change security information and passwords right from within the app. This update also lets users view recent sign-in activity, such as recent login attempts or changes to their account. This feature update brings the Android version up to date with the iOS version, which got this update back in May.

With the updated version, users can tap on the account name in the app which then opens a full-screen page for that account’s settings. Here it provides the one-time passcode for second-factor authentication, along with other options such as changing the password, updating security information, reviewing recent activity, and removing the account from authenticator should you wish.

These options are presented directly inside the app in a kind of in-line browser that lets users perform these actions without needing to switch to a browser or make these changes on the web. This works for corporate accounts as well as personal Microsoft accounts such as those with personal Microsoft 365 accounts.

Note: the account management options are not available to Azure AD accounts, as Microsoft wants to empower IT admins to choose which options are made available to users from the Authenticator app.

Users can download the Microsoft Authenticator app for Android from the Google Play Store.