Microsoft gives users 72 hours to delete all passwords
Microsoft is urging users to remove passwords from the Authenticator app and replace them with Passkeys within 72 hours.
End of the 'era of passwords': A call from Microsoft
Microsoft has declared that "the era of passwords is ending" and is recommending that billions of users ditch their passwords due to the rise in account attacks. To make the change happen, Microsoft is giving users a 72-hour deadline to take action.
In essence, Microsoft's decision to require users to delete any passwords they've stored in the Authenticator app is an anti-phishing move. Users "can continue to access them" using Microsoft Edge, a secure and user-friendly web browser powered by AI.
Switching to Passkeys: Action Needed Now
Passkey, an anti-phishing form of authentication, will be maintained in Authenticator, replacing traditional passwords. Users should ensure that Authenticator remains the passkey provider to avoid disabling this feature.
Microsoft warns that even if a passkey is used, an account is still vulnerable to attack if the password is still present. The company's goal is to eliminate passwords altogether, using only anti-phishing authentication methods like passkeys.
Some passwords that can't be replaced with a passkey need to be moved to another storage location, but for accounts that support passkeys, Microsoft recommends users upgrade their security immediately.
"Enrolling passkeys is an important step, but it's just the beginning. Even if we convince over a billion users to enroll and use passkeys, if a user has both a passkey and a password, and both grant access to an account, that account is still vulnerable to phishing attacks. Our ultimate goal is to eliminate passwords entirely and have accounts that only support phishing-resistant credentials," Microsoft said.