Microsoft Confirms Password Deletion–Now Just 8 Weeks Away

Microsoft wants to delete passwords for its billion-plus users, now “the password era is ending” and set against the backdrop of hundreds of millions of email addresses and passwords being stolen. “Bad actors know” passwords are finished, Microsoft says, “which is why they’re desperately accelerating password-related attacks while they still can.” All of which amplifies the risk for anyone yet to upgrade their account security.

In parallel, Microsoft is making another headline change, deleting passwords for millions of users just 8 weeks from now. Anyone using Microsoft Authenticator is being warned that “from August 2025, your saved passwords will no longer be accessible and any generated passwords not saved will be deleted.“ You must act now.

ForbesMicrosoft Confirms New Update Failure For Windows UsersBy Zak Doffman

Here are your deadlines:

• “Starting June 2025, you will no longer be able to save new passwords in Authenticator.
• During July 2025, you will not be able to use autofill with Authenticator.
• From August 2025, your saved passwords will no longer be accessible in Authenticator.“

The company’s solution is to first move autofill and then any form of password management to Edge. “Your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.”

Microsoft has added an Authenticator splash screen with a “Turn on Edge” button as its ongoing campaign to switch users to its own browser continues. It’s not just with passwords, of course, there are the endless warnings and nags within Windows and even pointers within security advisories to switch to Edge for safety and security.

Microsoft says that “to continue to use generated passwords, save them from Generator history (via or from the Password tab) into your saved passwords,” and that “after July 2025, any payment information stored in Authenticator will be deleted from your device.” and “after August 2025, your saved passwords will no longer be accessible in Authenticator and any generated passwords not saved will be deleted.”

Ironically, Microsoft’s Authenticator will continue to support passkeys and that’s actually what all users should be doing now. Forget old school passwords and two-factor authentication (2FA), all critical accounts should have passkeys added where available, especially your Microsoft and Google accounts.

ForbesDo Not Make These Calls On Your Smartphone, Warns GoogleBy Zak Doffman

Microsoft wants users to delete passwords once that’s done, so no legacy vulnerability remains, albeit Google has not gone quite that far as yet. You do need to remove SMS 2FA though, and use an app or key-based code at a minimum.

FIDO‘s latest research reports that “over 35% of people had at least one of their accounts compromised due to password vulnerabilities… This is significant for passkey adoption, as 54% of people familiar with passkeys consider them to be more convenient than passwords, and 53% believe they offer greater security.”