Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025

Microsoft has announced significant modifications to its popular Authenticator application, with critical features being discontinued in the coming months. 

Starting July 2025, the autofill functionality within Microsoft Authenticator will cease operations, followed by the complete removal of password accessibility features in August 2025. 

Key Takeaways
1. Automatic credential filling feature will stop working starting July 2025.
2. Password Access Ends August 2025: Users lose the ability to store and retrieve passwords in the app.
3. Two-step verification, TOTP codes, and biometric authentication continue working.
4. Move stored passwords to alternative password managers before the August deadline.

This development marks a substantial shift in Microsoft’s approach to multi-factor authentication (MFA) and passwordless authentication strategies.

Discontinuation of the Autofill Feature

The upcoming changes will significantly impact users who rely on Microsoft Authenticator’s comprehensive security features. 

The autofill capability, which allowed users to populate login credentials across various platforms automatically, will be the first feature to be discontinued in July 2025. 

This functionality utilized advanced cryptographic protocols and secure token generation to provide seamless authentication experiences across Microsoft 365 applications and third-party services.

The more substantial change occurs in August 2025, when password storage and retrieval functions will be removed entirely from the Authenticator app. 

This affects the app’s ability to serve as a centralized password manager, forcing users to migrate their stored credentials to alternative solutions. 

The technical architecture supporting these features, including encrypted password vaults and synchronization protocols, will be decommissioned as part of this transition.

Despite these limitations, Microsoft Authenticator will continue supporting its core two-step verification and multi-factor authentication (MFA) functionalities. 

Users will still be able to generate Time-based One-Time Passwords (TOTP) using the HMAC-based algorithm, receive push notifications for authentication approval, and utilize biometric verification methods, including fingerprint scanning and facial recognition, through Windows Hello integration.

Impact on Passwordless Authentication

The transition primarily affects Microsoft’s passwordless authentication ecosystem, which relies on FIDO2 and WebAuthn standards for secure, password-free login experiences. 

While the core passwordless functionality remains intact, users will lose the convenience of integrated password management within the same application.

Organizations implementing Azure Active Directory (Azure AD) authentication policies will need to reassess their security frameworks and potentially adopt alternative password management solutions.

IT administrators should prepare for an increase in support requests and consider implementing Conditional Access policies to maintain security standards during the transition period.

Users currently leveraging Authenticator’s password management features should begin migrating their credentials to dedicated password managers such as Microsoft’s own Password Manager within the Edge browser, Azure Key Vault for enterprise users, or third-party solutions that support SAML and OAuth 2.0 authentication protocols.

The company recommends users continue utilizing Authenticator for its primary authentication functions while exploring alternative solutions for password management. 

This strategic shift appears to align with Microsoft’s broader focus on advancing passwordless authentication technologies and encouraging the adoption of more secure biometric and hardware-based authentication methods across its ecosystem.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now