{"id":148919,"date":"2025-06-01T07:49:09","date_gmt":"2025-06-01T07:49:09","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/148919\/"},"modified":"2025-06-01T07:49:09","modified_gmt":"2025-06-01T07:49:09","slug":"microsoft-confirms-password-deletion-now-just-8-weeks-away","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/148919\/","title":{"rendered":"Microsoft Confirms Password Deletion\u2014Now Just 8 Weeks Away"},"content":{"rendered":"<p class=\"color-body light-text\" role=\"button\">Here\u2019s when passwords will be deleted.<\/p>\n<p>Anadolu via Getty Images<\/p>\n<p>Republished on May 31 with a new attack on Microsoft account passwords. <\/p>\n<p>Microsoft wants to <a class=\"color-link\" href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/04\/05\/microsoft-confirms-password-deletion-for-windows-users-what-you-do-now\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/04\/05\/microsoft-confirms-password-deletion-for-windows-users-what-you-do-now\/\" target=\"_self\" aria-label=\"delete passwords\" rel=\"noopener\">delete passwords<\/a> for its billion-plus users, now \u201c<a class=\"color-link\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/12\/12\/convincing-a-billion-users-to-love-passkeys-ux-design-insights-from-microsoft-to-boost-adoption-and-security\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/12\/12\/convincing-a-billion-users-to-love-passkeys-ux-design-insights-from-microsoft-to-boost-adoption-and-security\/\" aria-label=\"the password era is ending\">the password era is ending<\/a>\u201d and set against the backdrop of hundreds of millions of email addresses and passwords being stolen. \u201cBad actors know\u201d passwords are finished, Microsoft says, \u201cwhich is why they\u2019re desperately accelerating password-related attacks while they still can.\u201d All of which amplifies the risk for anyone yet to upgrade their account security.<\/p>\n<p>In parallel, Microsoft is making another headline change, deleting passwords for millions of users just 8 weeks from now. Anyone using Microsoft Authenticator is being warned that \u201cfrom August 2025, your saved passwords will no longer be accessible and any generated passwords not saved will be deleted.\u201c <a class=\"color-link\" href=\"https:\/\/support.microsoft.com\/en-us\/account-billing\/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/support.microsoft.com\/en-us\/account-billing\/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6\" aria-label=\"You must act now.\">You must act now. <\/a><\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-4\" href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/05\/30\/microsoft-warns-windows-users-emergency-update-within-days\/\" target=\"_blank\" aria-label=\"Microsoft Warning\u2014Emergency Windows Update Coming In \u2018Days\u2019\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/05\/30\/microsoft-warns-windows-users-emergency-update-within-days\/\">ForbesMicrosoft Warning\u2014Emergency Windows Update Coming In \u2018Days\u2019By Zak Doffman<\/a><\/p>\n<p>Here are your deadlines:<\/p>\n<ul>\n<li>\u201cStarting June 2025, you will no longer be able to save new passwords in Authenticator.<\/li>\n<li>During July 2025, you will not be able to use autofill with Authenticator.<\/li>\n<li>From August 2025, your saved passwords will no longer be accessible in Authenticator.\u201c<\/li>\n<\/ul>\n<p>The company\u2019s solution is to first move autofill and then any form of password management to Edge. \u201cYour saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.\u201d<\/p>\n<p>Microsoft has added an Authenticator splash screen with a \u201cTurn on Edge\u201d button as its ongoing campaign to switch users to its own browser continues. It\u2019s not just with passwords, of course, there are the endless warnings and nags within Windows and even pointers within security advisories to <a class=\"color-link\" href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/05\/22\/microsoft-warns-windows-users-change-browser-to-stop-attacks\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/05\/22\/microsoft-warns-windows-users-change-browser-to-stop-attacks\/\" target=\"_self\" aria-label=\"switch to Edge for safety and security\" rel=\"noopener\">switch to Edge for safety and security<\/a>.<\/p>\n<p>Microsoft says that \u201cto continue to use generated passwords, save them from Generator history (via or from the Password tab) into your saved passwords,\u201d and that \u201cafter July 2025, any payment information stored in Authenticator will be deleted from your device.\u201d and \u201cafter August 2025, your saved passwords will no longer be accessible in Authenticator and any generated passwords not saved will be deleted.\u201d<\/p>\n<p>Ironically, Microsoft\u2019s Authenticator will continue to support passkeys and that\u2019s actually what all users should be doing now. Forget old school passwords and two-factor authentication (2FA), all critical accounts should have passkeys added where available, especially your Microsoft and Google accounts.<\/p>\n<p class=\"color-body light-text\" role=\"button\">Passwords are ending in Authenticator<\/p>\n<p>Microsoft<\/p>\n<p>Microsoft wants users to delete passwords once that\u2019s done, so no legacy vulnerability remains, albeit Google has not gone quite that far as yet. You do need to remove SMS 2FA though, and use an app or key-based code at a minimum.<\/p>\n<p><a class=\"color-link\" href=\"https:\/\/fidoalliance.org\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/fidoalliance.org\/\" aria-label=\"FIDO\">FIDO<\/a>\u2018s latest research reports that \u201cover 35% of people had at least one of their accounts compromised due to password vulnerabilities\u2026 This is significant for passkey adoption, as 54% of people familiar with passkeys consider them to be more convenient than passwords, and 53% believe they offer greater security.\u201d<\/p>\n<p>Notwithstanding these Authenticator changes, Microsoft users should use this as a prompt to delete passwords and replace them with passkeys, per the Windows-makers\u2019 advice. This is especially true given increasing reports of two-factor authentication (2FA) bypasses that are increasingly rendering basics forms of 2FA redundant.<\/p>\n<p>Microsoft accounts are now at risk from a new attack that has hijacked Google\u2019s App Scripts to provide a veil of authenticity when sending malicious phishing emails. Per <a class=\"color-link\" href=\"https:\/\/cybersecuritynews.com\/threat-actors-leverage-google-apps-script\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/cybersecuritynews.com\/threat-actors-leverage-google-apps-script\/\" aria-label=\"Cybersecurity News\">Cybersecurity News<\/a>, the attack deploys \u201ca fraudulent login window that mimics authentic Microsoft authentication interfaces.\u201d<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-5\" href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/05\/30\/googles-new-chrome-update-do-not-ignore-june-5-deadline\/\" target=\"_blank\" aria-label=\"Google\u2019s New Chrome Update\u2014Do Not Ignore June 5 Deadline\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/zakdoffman\/2025\/05\/30\/googles-new-chrome-update-do-not-ignore-june-5-deadline\/\">ForbesGoogle\u2019s New Chrome Update\u2014Do Not Ignore June 5 DeadlineBy Zak Doffman<\/a><\/p>\n<p>The original warning from <a class=\"color-link\" href=\"https:\/\/cofense.com\/blog\/behind-the-script-unmasking-phishing-attacks-using-google-apps-script\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/cofense.com\/blog\/behind-the-script-unmasking-phishing-attacks-using-google-apps-script\" aria-label=\"Cofense\">Cofense<\/a> is now picking up attention (<a class=\"color-link\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.bleepingcomputer.com\/news\/security\/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks\/\" aria-label=\"1\">1<\/a>,<a class=\"color-link\" href=\"https:\/\/gbhackers.com\/threat-actors-exploit-google-apps-script\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/gbhackers.com\/threat-actors-exploit-google-apps-script\/\" aria-label=\"2\">2<\/a>). The research team found an \u201cattack [that] uses an email masquerading as an invoice, containing a link to a webpage that uses Google Apps Script, a development platform integrated across Google\u2019s suite of products. By hosting the phishing page within Google\u2019s trusted environment, attackers create an illusion of authenticity. This makes it easier to trick recipients into handing over sensitive information.\u201d<\/p>\n<p>While you can watch out for invoices hosted on \u201cscript[.]google[.]com,\u201d which is how the attack manifests itself, the better advice is just to shore up your Microsoft accounts. If you use passkeys and delete account passwords \u2014 per the company\u2019s advice to remove that legacy vulnerability \u2014 then you\u2019ll be protected. In short, don\u2019t move passwords from Authenticator, change how those accounts are secured instead.<\/p>\n","protected":false},"excerpt":{"rendered":"Here\u2019s when passwords will be deleted. Anadolu via Getty Images Republished on May 31 with a new attack&hellip;\n","protected":false},"author":2,"featured_media":148920,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[63748,63749,31589,63747,53,16,15,9024,1961,18165,1962],"class_list":{"0":"post-148919","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-delete-2fa","9":"tag-delete-sms","10":"tag-microsoft-attack","11":"tag-microsoft-delete-passwords","12":"tag-technology","13":"tag-uk","14":"tag-united-kingdom","15":"tag-windows-10-end-support","16":"tag-windows-11-free-upgrade","17":"tag-windows-attack","18":"tag-windows-warning"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/114607014920395880","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/148919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=148919"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/148919\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/148920"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=148919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=148919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=148919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}