Today we are announcing the public preview of password management and autofill capability in the Microsoft Authenticator app. For any sites or apps you visit on your mobile device, Authenticator will help you autofill strong passwords without having to remember them. These passwords can be synced across mobile and desktop, so you can seamlessly autofill passwords as you move across devices. This is currently only available for Microsoft accounts (MSA) and not for Azure AD based work or school accounts.
Rajat Luthra, one of our program managers in the Identity team, has written a guest blog post diving into details of this new capability. You can see his blog post below.
As always, we’d love to hear from you. Please let us know what you think in the comments below or on the Azure AD feedback forum.
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division
I’m excited to share that Microsoft Authenticator can now securely store and autofill passwords on apps and sites you visit on your mobile device. Once you make Authenticator an autofill provider, it will offer to save your passwords when you enter them on a site or app’s login page. Your synced passwords are protected on mobile with multi-factor authentication. These passwords are synced using your Microsoft account (outlook.com, hotmail.com, live.com, etc.), making them also available on your desktop with Microsoft Edge and the new Google Chrome extension.
While passwordless and multi-factor authentication is the way to go for security, we understand many sites still require passwords and some don’t even support multi-factor authentication. In a previous blog, we showed how no human generated password can be unique enough to beat attackers. That’s where Authenticator can help! Since you no longer need to remember passwords, Authenticator can autofill complex and unique passwords for you.
Here’s a sneak peek of autofill experience on iOS. A similar experience exists for Android.
When you visit a site or app for which you have saved a password, Authenticator offers to autofill it.
When you visit a site or app where your username and password is not saved, “Passwords” text appears on top of keyboard, clicking on which lets you save password in Authenticator.
- Open your Authenticator app, go to Settings –> Beta –> Autofill, and turn the toggle ON. Once you toggle ON Autofill in Settings, the Passwords tab will appear.
- Then, go to the Passwords tab, and sign-in using your Microsoft account or sync passwords from a Microsoft account already added to your Authenticator app.
- Finally, make Authenticator the default autofill provider on your phone.
- iOS: Open Settings –> Search for “Autofill Passwords” –> Click on “Autofill Passwords” –> Select “Authenticator”
- Android: Open Settings –> Search for “Autofill” –> Select “Auto-fill service” –> Click on “Auto-fill service” on next screen –> Select “Authenticator”
- You can sync and autofill these passwords in Microsoft Edge. If you also use Google Chrome on desktop, you can sync and autofill the same passwords using the Google Chrome extension.
Autofill experience is rolling out in Authenticator app on iOS (iOS 12.0 and above) and Android (Android 6.0 and above). To learn more about the autofill feature, visit our FAQs page.
Autofill only works with Microsoft accounts (MSA), and is currently disabled for enterprise users who are using the Authenticator app for Phone sign-in or multi-factor authentication on their enterprise accounts. To allow enterprise users to use this feature on their Authenticator app, click here.
We look forward to your feedback!
Rajat Luthra (@_luthrarajat)
Senior Program Manager
Microsoft Identity Security & Protection