Passwordless Future Still Distant Despite Microsoft’s Push
▼ Summary
– Microsoft Authenticator will stop supporting password storage and autofill from August 1, pushing users to export passwords to Edge or alternative managers.
– Microsoft encourages a shift to passkeys, seen as more secure and user-friendly, though Authenticator still supports them.
– Security experts argue a passwordless future is years away, making password managers essential for enterprise security.
– Many organizations still use hybrid authentication (passwords and passkeys), with 40% operating in such environments.
– Transitioning to passkeys will take time due to legacy systems and recent MFA adoption, requiring continued password guidance and safeguards.
The shift toward a passwordless future remains gradual, with password managers continuing to play a crucial role in cybersecurity despite Microsoft’s recent changes to its Authenticator app. Security experts emphasize that while passkeys offer a more secure alternative, widespread adoption will take years, leaving traditional password solutions essential for businesses and individuals alike.
Microsoft has been phasing out password storage features in its Authenticator app since June, disabling new password additions and autofill capabilities. By August 1, saved passwords will no longer be accessible through the app, though users can still retrieve them via Microsoft Edge or export them to other password managers. The company’s push for passkeys, a biometric or PIN-based authentication method, reflects its vision for a passwordless ecosystem, but industry adoption lags behind.
Despite the growing popularity of passkeys, many organizations still rely on hybrid authentication systems, blending traditional passwords with newer methods. Darren Guccione, CEO of Keeper Security, notes that 40% of businesses operate in such mixed environments, highlighting the ongoing need for robust password management solutions. “The transition to passwordless authentication is happening, but it’s far from complete,” he explains. “Until then, secure password generation and storage remain vital.”
Steve Furnell, a cybersecurity professor at the University of Nottingham, agrees that the shift will be slow. “Many companies have only just adopted multi-factor authentication (MFA), making further upgrades to passkeys a lower priority,” he says. Legacy systems and budget constraints also delay the move, leaving some organizations dependent on traditional passwords for the foreseeable future.
For businesses still using passwords, Furnell stresses two key measures: clear user education on password best practices and automated safeguards to enforce security policies. “People perform better when they understand the reasoning behind security rules,” he adds. “At the same time, systems should minimize risks by default, regardless of individual habits.”
While passkeys represent the next evolution in authentication, the complete elimination of passwords remains years away. Until then, password managers will stay a critical defense against identity theft and cyber threats.
(Source: InfoSecurity Magazine)
