For many of this yr, Microsoft has been warning customers that they’ll not be capable of use its Authenticator cellular software for person ID and password administration. As reported by CNET on July 29, 2025, “In June, the corporate stopped letting customers add passwords to Authenticator…. And beginning Aug. 1, you may not be capable of use saved passwords.”
Additionally: How passkeys work: The entire information to your inevitable passwordless future
To me, the dire warnings of this pending doomsday-like deadline are harking back to the run-up to January 1, 2000 — the so-called “Y2K downside” — when it was anticipated that computer systems in every single place would expertise a meltdown as a result of their programmers by no means thought of the chance that their software program would nonetheless be in use within the twenty first century.
The good passkey migration
However most of this reporting overlooks the larger shift that is underway throughout Microsoft’s id administration portfolio and, in lots of circumstances, is lacking key particulars in regards to the future roles of Microsoft Authenticator and the Microsoft Edge browser in the case of one other colossal shift that is at present in progress: the world’s transition from passwords to passkey.
A passkey is unequivocally a safer credential than a password in the case of logging into web sites and apps. Passkeys can’t be guessed, the identical passkey can’t be reused throughout totally different web sites and apps, and also you can’t be tricked into divulging your passkeys to malicious actors by strategies equivalent to phishing, smishing, squishing, and malvertising. Even if you happen to’re strengthening person IDs and passwords with further components of authentication, passkeys are a greater and safer different.
Additionally: I changed my Microsoft account password with a passkey – and you must, too
In actual fact, of the main expertise distributors which are encouraging end-users to change to passkeys, no vendor is pushing customers to transition as arduous as Microsoft is. However, on the similar time that Microsoft is aggressively campaigning for that transition, we’re nonetheless ready for Microsoft to supply the great credential administration capabilities which are essential to help that future.
Managing passwords after Authenticator
For customers who managed their person IDs and passwords with Authenticator and need to stick with Microsoft-based options to handle their person IDs and passwords, their solely choice is to export their passwords from Microsoft Authenticator to Microsoft’s Edge internet browser. As soon as customers do that, Edge won’t solely take over the function of managing these person IDs and passwords, it should additionally deal with the auto-provisioning of these credentials (a.ok.a. autofill) on the time of login and the synchronization of these credentials to the person’s different copies of Edge.
Along with Home windows, Edge is on the market on MacOS, iOS, Android, and Linux. Given Edge’s cross-platform attain when in comparison with that of Microsoft Authenticator (iOS and Android), it makes extra sense for Edge to deal with credential administration and autofill.
This method, the place Microsoft is facilitating credential administration by the browser as an alternative of a cellular software carefully resembles the best way Google is dealing with credential administration and autofill by its Chrome browser. Each browsers are based mostly on Chromium and supply customers some fundamental password administration capabilities, and each depend on a central cloud to deal with credential synchronization to the identical browser on different units.
The issue with non-syncable passkeys
However, on the time this text was revealed, whereas Chrome’s password administration capabilities will auto-provision and synchronize credentials of each sorts (passwords and passkeys) to a person’s different installations of Chrome, Edge can solely synchronize passwords. In keeping with a Microsoft spokesperson who was interviewed for this story, “passkeys created for companies like PayPal and eBay are saved as device-bound credentials in Home windows and could be accessed through Home windows Settings > Accounts > Passkeys. These should not saved or synced in Edge.”
In different phrases, Edge for Home windows is able to dealing with and auto-provisioning passkeys throughout a login, however not the opposite variations of Edge. I confirmed this by making an attempt to make use of Edge for Android to register a passkey for eBay. Rather a lot occurs behind the scenes once you register a passkey for the primary time, and I clarify the method in How Passkeys Work: Let’s Begin the Registration Course of.
Additionally: 10 passkey survival ideas: Put together to your passwordless future now
Whereas an eBay passkey registration choice exists when utilizing Edge for Home windows, no such choice was accessible to me on Edge for Android. Along with that limitation, the eBay passkey that I used to be in a position to set up on Edge for Home windows couldn’t be synchronized to my copy of Edge for Android. This confirmed the spokesperson’s assertion about passkeys being “saved as device-bound credentials in Home windows.” Machine-bound passkeys are additionally known as “non-syncable passkeys.” They’re tied to the machine that was used to create them and can’t be synchronized to a different machine. Because it seems, the passkey that I established by Edge operating on my copy of Home windows 11 was certain through Home windows Good day to the Trusted Platform Module (TPM) in my HP Pocket book.
This raises the query of the place, throughout Microsoft’s portfolio, customers would possibly be capable of discover help for syncable passkeys since they’re by far essentially the most handy type of passkey to make use of for the web sites and apps that help them. In spite of everything, the corporate is already supporting syncable person IDs and passwords by Edge. The very last thing most customers need to do is handle a number of device-bound passkeys for every web site and app they use. Higher to simply have one, identical to a password.
Your passkey administration choices now
That is the place the confusion units in. Throughout many of the articles that reported on the elimination of person ID and password help in Microsoft Authenticator, the authors additionally famous that Authenticator would proceed to help passkeys and that the person may proceed to depend on Authenticator to authenticate (login) with these passkeys (see my clarification of what actually occurs throughout your ‘passwordless’ passkey login). It is not stunning that many of the articles mentioned this. In spite of everything, Microsoft’s personal submit in regards to the modifications to Authenticator very clearly states, “Authenticator will proceed to help passkeys. When you have arrange Passkeys to your Microsoft Account, be sure that Authenticator stays enabled as your Passkey Supplier. Disabling Authenticator will disable your passkeys.”
This definitely piqued my curiosity. On the floor, it was unusually beginning to seem like Microsoft was transferring all person ID and password administration to Edge whereas on the similar time fracturing passkey administration throughout Microsoft Authenticator and Edge for Home windows as an alternative of transferring full help for each syncable passwords and syncable passkeys to Edge (which is strictly how Chrome does it). So I went again to Microsoft to ensure that I understood issues appropriately. I apparently did not.
Additionally: Passkeys will not be prepared for primetime till Google and different firms repair this
“Authenticator will all the time proceed to help device-bound passkeys for Entra accounts,” a Microsoft spokesperson instructed me. “You will all the time be capable of create a type of at this time and sooner or later.” There’s quite a bit to unpack there. Not solely are Authenticator-managed passkeys additionally device-bound passkeys (in different phrases, they can’t be synchronized), the passkey help present in Authenticator is for customers of Microsoft Entra ID, Microsoft’s cloud-based id administration answer (previously referred to as Azure Lively Listing) for companies. In different phrases, the passkey help present in Microsoft Authenticator will not be for these of us within the normal person inhabitants who simply need to handle their credentials. And it nonetheless lacks any synchronization capabilities.
In a nutshell, for these of us within the normal person inhabitants who need to handle and use passkeys along with person IDs and passwords, Microsoft presents one choice: Edge on Home windows. Moreover, neither Edge for Home windows nor Microsoft Authenticator (for Entra ID customers) presents passkey synchronization. The one sort of passkeys that Microsoft at present helps are device-bound (non-syncable) passkeys. That is clearly not supreme, and figuring out a few of the of us at Microsoft, I am certain they’d agree (particularly given how arduous the corporate is promoting the thought of passkeys proper now).
My conclusion as I attempt to take a 30,000-foot view of this case is that in the case of the entire totally different Microsoft applied sciences that play a task in credential administration — Home windows, Home windows Good day, Authenticator, Edge, Microsoft Pockets, Entra ID, passkeys, and so forth. — the corporate has quite a lot of totally different items on the chessboard. Shifting all of them into the best place to help the safe credential administration future it’s promoting is simpler mentioned than performed.
Additionally: What actually occurs throughout your ‘passwordless’ passkey login?
In the identical manner {that a} chess participant (and opponent) all the time suppose and anticipate just a few strikes forward, it is arduous to not see that sooner or later, in the end (most likely sooner), Microsoft will help syncable passkeys throughout all its variations of Edge identical to it does now with person IDs and passwords (and identical to Chrome does). That’s the solely logical consequence given its strongly worded messages emigrate passwords from Authenticator to Edge.
However till that last chess transfer occurs, customers have choices within the different credential administration firms, together with Google and all of the third-party password managers (1Password, BitWarden, Dashlane, LastPass, NordPass, and so forth.) that help syncable passkeys and passwords in a single answer.
Keep forward of safety information with Tech At this time, delivered to your inbox each morning.
