Latest news with #securitycodes
Yahoo
3 days ago
- Business
- Yahoo
Microsoft will soon delete your Authenticator passwords. Here are 3 password manager alternatives
Users of Microsoft apps are having a rough year. First, in May, the Windows maker shut down the popular VOIP calling app, Skype, for good. Microsoft said it was done so that the company could focus on its latest communications app darling, Microsoft Teams. What is fractional leadership, and why is it booming now? Why setting boundaries makes you more valuable at work 5 companies that could hit a $4 trillion market cap after Nvidia Now, Microsoft has announced that it is nerfing one of its most popular mobile apps, too. While not shutting the app down completely, Microsoft Authenticator is about to go through a radical downgrade. The app previously acted as a password manager and authentication app, but starting this month, Microsoft has stripped Authenticator's ability to autofill your saved passwords. And come August, Microsoft will delete all your saved passwords from Authenticator. This means that just as users of Skype needed to find a new VOIP app, those who use Microsoft Authenticator as a password manager will need to hurry up and find a new one. Here's why Microsoft is making its changes to Authenticator, and the alternative password managers you may want to migrate to before the August deadline. Microsoft first introduced Authenticator in 2016 as a stand-alone app used to manage two-factor authentication security codes. In 2020, it added password management support to Authenticator, making the app a one-stop shop for autofilling passwords and security codes on websites. However, in 2020, Microsoft also introduced its new Edge browser, and since then, Edge has become a top priority for the company. And Microsoft has now decided that Edge should act as a Microsoft user's password manager of choice, partly due to the fact that the Edge browser supports multiple platforms: Windows, Mac, iOS, Android, Linux, and more, while Authenticator only supports iOS and Android. The logic here is that if Edge is now your password manager, all your passwords will be accessible on every device logged into Edge. To facilitate this transition, Microsoft will automatically transfer a user's saved passwords from Authenticator to Edge before permanently deleting them from Authenticator next month. This move is great for people who don't mind a web browser serving as their password manager. However, many people prefer a dedicated password manager app because it is usually more versatile, offers advanced features like password sharing, and integrates seamlessly with various desktop and mobile browsers. If you are in that second group, you'll want to export your passwords from Authenticator before they are deleted and import them into a new dedicated password manager app—but which one to use? There is no shortage of dedicated password managers out there. However, if you are moving from Microsoft Authenticator, there are three in particular that you might want to consider: Apple Passwords: This is Apple's designated password manager, which the company introduced last year. The biggest advantage of Apple Passwords is its clean, simple interface. It lets you store not only your passwords, but your passkeys and security codes, too. The Apple Passwords app is perfect if you operate primarily in Apple's ecosystem, but the app also supports Windows PCs (via the iCloud app) and major browsers, including Chrome and Firefox. The app is also free to use. However, Apple Passwords does not support Android, so if you have a 'droid, it's best to consider using one of the two password managers below. 1Password: One of the most popular password managers on the planet is 1Password. It's also one of the most versatile. Not only does it support passwords, passkeys, and security codes, but you can also save identity and credit card information and even important documents. 1Password supports all major platforms, including Windows, Mac, iOS, Android, and Linux. One drawback, especially if you are used to Microsoft Authenticator, is that 1Password is a paid app. Individual plans start at $2.99 per month. Bitwarden: In addition to 1Password, there is another other cross-platform password manager champ: Bitwarden. Like all good password managers, it offers robust password management and passkey support. It also supports all the major platforms, including Windows, Mac, iOS, Android, and more. Best of all, Bitwarden offers a free tier of the app, allowing anyone to use its password management feature. However, if you want a password manager that also handles your security codes, like Authenticator does, you'll need to upgrade to a Bitwarden plan, which starts at $10/year. If you do switch to one of the above apps, you'll need to transfer your passwords from Microsoft Authenticator to the app you choose. Just do it quickly. Microsoft will delete all your passwords stored in Authenticator on August 1, 2025. From that date, you'll need to download Microsoft Edge and export them from the company's web browser instead. To export your passwords from Authenticator before the August deadline, follow Microsoft's instructions here. This post originally appeared at to get the Fast Company newsletter:
Fast Company
21-06-2025
- Fast Company
Those security codes you ask to receive via text leave your accounts vulnerable. Do this instead
Do you receive login security codes for your online accounts via text message? These are the six- or seven-digit numbers sent via SMS that you need to enter along with your password when trying to access your bank accounts, health records, online photos, and more. This type of security is known as multifactor authentication (MFA) and is designed to keep your account secure even if someone knows your password. Without the additional security code, bad actors can't gain access to your data. Or at least that's the idea. It's increasingly becoming evident that security codes sent by text message may leave our data less secure than we thought. Fortunately, there are other, more secure ways to keep your accounts safe. Here's why it's probably a good idea to stop using SMS for your security codes, and what you can use instead. An opaque security code industry You may think that the text message you receive with the code you need to log into your account is coming from Amazon, Google, Meta, or whoever provides the service you are logging into. But it's probably not—and therein lies the security risk. Bloomberg and Lighthouse Reports just released an alarming report revealing that some of the most prominent tech companies recommending that users enable multifactor authentication—including Amazon, Google, and Meta—have used third-party companies to send their security codes to users via text. Some of these third-party companies have been linked to institutions in the surveillance industry and even government spy agencies. Additionally, some of the security codes that these third-party companies were responsible for transmitting have been associated with data breaches of individuals' accounts. Worse: the intermediaries operating in this space do so with little oversight from their tech giant clients or regulators. And Bloomberg and Lighthouse Reports' piece isn't the first to warn about the vulnerability that texted security codes expose users to. In December, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to the public, urging people to migrate away from receiving security codes via text. 'Do not use SMS as a second factor for authentication,' the CISA's memo warned. 'SMS messages are not encrypted—a threat actor with access to a telecommunication provider's network who intercepts these messages can read them.' But this vulnerability in texted security codes doesn't mean you should revert to using merely a password to access your accounts. Instead, you should consider a superior form of multifactor authentication—or upgrade to passwordless logins entirely. Get your security codes from an authenticator app instead Some websites and services are stuck in the past when it comes to multifactor authentication. That is, these websites do offer their users MFA, but only give the option of receiving security codes via text message—something the U.S. Cybersecurity and Infrastructure Security Agency now warns against. Thankfully, plenty of websites offer a more secure way to receive security codes: via an authenticator app. Simply put, an authenticator app is an application that resides on your phone or computer, storing all the various security codes for your online accounts that have multifactor authentication enabled. The code for each account in the authenticator app is unique, and it changes every 30 seconds. When you need to log in to a site that you have set up with multifactor authentication, you'll be prompted to enter your security code, which can be found in your authenticator app. And since these authenticator app codes always reside on your device, they can never be intercepted in transit, because they are never sent to you in the first place. Regardless of whether you use Windows, Mac, iPhone, or Android, you have numerous authenticator apps to choose from. These include Apple's own Passwords app, Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and more. Even better, start using passkeys While authenticator apps are vastly more secure than text messages for getting your security codes, the safest login method no longer relies on codes—or even passwords—at all. I'm referring to passkeys, the passwordless login technology spearheaded by the FIDO Alliance, a consortium of tech companies including Amazon, Apple, Dell, Google, Meta, Microsoft, NTT, Samsung, and others. Passkeys are cryptographically complex from a technology perspective, but easy to use from a consumer perspective. When you add a passkey for one of your online accounts, you get one digital key, saved to your device, and the website gets a matching key. When you log into that website, the passkeys must match; otherwise, you won't get access to the account. You verify that you are the true holder of your passkey by confirming your identity with your biometrics—a facial or fingerprint scan, right from your phone or laptop. Passkeys can't be phished or guessed. And if one of your passkeys were stolen and put on someone else's device, it wouldn't work either. That's because the thief couldn't fool the passkey into thinking they were you since they don't have your face or fingerprint. And because passkeys don't require any alphanumeric input authentication—such as security codes—there's no code you need to worry about either. Passkeys are also synced to the cloud via your device's password manager, so if you lose your device, you can quickly regain access to all your passkeys from your, for example, Apple or Google account. The only drawback to passkeys is that not all online accounts support them. Still, each month, more and more sites are offering users the option for passkey logins. However, if your accounts don't support passkeys yet, you should still enable multifactor authentication. Just remember to opt to receive your security codes via an authenticator app rather than a text message.
