Microsoft is set to delete passwords for its billion-plus users in a bid to bring an end to the “password era.” The company claims that with this move, “bad actors know” that passwords are no longer secure and are accelerating their attacks on password-related vulnerabilities. This change is crucial for anyone who has not yet upgraded their account security.
From June 2025, users will no longer be able to save new passwords in Microsoft Authenticator. In July 2025, autofill functionality with Authenticator will also cease. By August 2025, saved passwords will no longer be accessible in Authenticator, and any generated passwords not saved will be deleted.
To avoid this risk, Microsoft recommends moving autofill and password management to its Edge browser. Users can continue to access their saved passwords and enjoy seamless autofill functionality with Microsoft Edge. The company has also added an Authenticator splash screen with a “Turn on Edge” button as part of its ongoing campaign to switch users to its own browser.
However, experts warn that this move is an opportunity for users to reevaluate their account security. Instead of moving passwords from Authenticator, users should consider deleting passwords and replacing them with passkeys. This would eliminate legacy vulnerabilities and provide greater security.
Recent research highlights the risks associated with password vulnerabilities, with over 35% of people having had at least one of their accounts compromised due to password weaknesses. Passkey adoption is gaining traction, with 54% of people finding them more convenient than passwords and 53% believing they offer greater security.
Meanwhile, Microsoft accounts are now vulnerable to a new attack that has exploited Google’s App Scripts to send malicious phishing emails. The attackers have created a fraudulent login window that mimics authentic Microsoft authentication interfaces, making it easier for recipients to hand over sensitive information.
To protect yourself, experts advise against moving passwords from Authenticator and instead recommend deleting account passwords and replacing them with passkeys. By doing so, you can eliminate legacy vulnerabilities and enjoy greater security.
Source: https://www.forbes.com/sites/zakdoffman/2025/05/31/microsoft-confirms-password-deletion-now-just-8-weeks-away