Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticator

Howdy folks,

Today we are announcing the public preview of password management and autofill capability in the Microsoft Authenticator app. For any sites or apps you visit on your mobile device, Authenticator will help you autofill strong passwords without having to remember them. These passwords can be synced across mobile and desktop, so you can seamlessly autofill passwords as you move across devices. This is currently only available for Microsoft accounts (MSA) and not for based work or school accounts.

Rajat Luthra, one of our program managers in the Identity team, has written a guest blog post diving into details of this new capability. You can see his blog post below.

As always, we'd love to hear from you. Please let us know what you think in the comments below or on the Azure AD feedback forum.

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division


Hi everyone!

I'm excited to share that Microsoft Authenticator can now securely store and autofill passwords on apps and sites you visit on your mobile device. Once you make Authenticator an autofill provider, it will offer to save your passwords when you enter them on a site or app's login page. Your synced passwords are protected on mobile with multi-factor These passwords are synced using your Microsoft account (,,, etc.), making them also available on your desktop with Microsoft Edge and the new Google Chrome extension.

While passwordless and multi-factor is the way to go for security, we understand many sites still require passwords and some don't even support multi-factor . In a previous blog, we showed how no human generated password can be unique enough to beat attackers. That's where Authenticator can help! Since you no longer need to remember passwords, Authenticator can autofill complex and unique passwords for you.

Here's a sneak peek of autofill experience on iOS. A similar experience exists for Android.

When you visit a site or app for which you have saved a password, Authenticator offers to autofill it.


When you visit a site or app where your username and password is not saved, “Passwords” text appears on top of keyboard, clicking on which lets you save password in Authenticator.


Getting started

To use the autofill feature and sync passwords, use your Microsoft account (MSA) and follow these simple steps. We've provided iOS screenshots below – the feature is available on both iOS and Android.
  1. Open your Authenticator app, go to Settings –> Beta –> Autofill, and turn the toggle ON. Once you toggle ON Autofill in Settings, the Passwords tab will appear.


  1. Then, go to the Passwords tab, and sign-in using your Microsoft account or sync passwords from a Microsoft account already added to your Authenticator app.


  1. Finally, make Authenticator the default autofill provider on your phone.
  • iOS: Open Settings –> Search for “Autofill Passwords” –> Click on “Autofill Passwords” –> Select “Authenticator”
  • Android: Open Settings –> Search for “Autofill” –> Select “Auto-fill service” –> Click on “Auto-fill service” on next screen –> Select “Authenticator”


  1. You can sync and autofill these passwords in Microsoft Edge. If you also use Google Chrome on desktop, you can sync and autofill the same passwords using the Google Chrome extension.


Autofill experience is rolling out in Authenticator app on iOS (iOS 12.0 and above) and Android (Android 6.0 and above). To learn more about the autofill feature, visit our FAQs page.

Autofill only works with Microsoft accounts (MSA), and is currently disabled for enterprise users who are using the Authenticator app for Phone sign-in or multi-factor authentication on their enterprise accounts. To allow enterprise users to use this feature on their Authenticator app, click here.

We look forward to your feedback!


Rajat Luthra (@_luthrarajat)

Senior Program Manager

Microsoft Identity Security & Protection


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.