Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Securely manage and autofill passwords across all your mobile devices with Microsoft Authenticator
Published Dec 15 2020 09:00 AM 106K Views

Howdy folks,

Today we are announcing the public preview of password management and autofill capability in the Microsoft Authenticator app. For any sites or apps you visit on your mobile device, Authenticator will help you autofill strong passwords without having to remember them. These passwords can be synced across mobile and desktop, so you can seamlessly autofill passwords as you move across devices. This is currently only available for Microsoft accounts (MSA) and not for Azure AD based work or school accounts.

 

Rajat Luthra, one of our program managers in the Identity team, has written a guest blog post diving into details of this new capability. You can see his blog post below.

 

As always, we’d love to hear from you. Please let us know what you think in the comments below or on the Azure AD feedback forum.

 

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

------------------------------------------

 

Hi everyone!

I’m excited to share that Microsoft Authenticator can now securely store and autofill passwords on apps and sites you visit on your mobile device. Once you make Authenticator an autofill provider, it will offer to save your passwords when you enter them on a site or app’s login page. Your synced passwords are protected on mobile with multi-factor authentication. These passwords are synced using your Microsoft account (outlook.com, hotmail.com, live.com, etc.), making them also available on your desktop with Microsoft Edge and the new Google Chrome extension.

While passwordless and multi-factor authentication is the way to go for security, we understand many sites still require passwords and some don’t even support multi-factor authentication. In a previous blog, we showed how no human generated password can be unique enough to beat attackers. That’s where Authenticator can help! Since you no longer need to remember passwords, Authenticator can autofill complex and unique passwords for you.

Here’s a sneak peek of autofill experience on iOS. A similar experience exists for Android.

 

When you visit a site or app for which you have saved a password, Authenticator offers to autofill it.

Picture5.jpg

 

When you visit a site or app where your username and password is not saved, “Passwords” text appears on top of keyboard, clicking on which lets you save password in Authenticator.

 

 

T3.PNG

 

Getting started

To use the autofill feature and sync passwords, use your Microsoft account (MSA) and follow these simple steps. We've provided iOS screenshots below – the feature is available on both iOS and Android.

 

  1. Open your Authenticator app, go to Settings --> Beta --> Autofill, and turn the toggle ON. Once you toggle ON Autofill in Settings, the Passwords tab will appear.

T4.PNG

 

  1. Then, go to the Passwords tab, and sign-in using your Microsoft account or sync passwords from a Microsoft account already added to your Authenticator app.

 

T5.PNG

 

  1. Finally, make Authenticator the default autofill provider on your phone.
  • iOS: Open Settings --> Search for “Autofill Passwords” --> Click on “Autofill Passwords” --> Select “Authenticator”
  • Android: Open Settings --> Search for “Autofill” --> Select “Auto-fill service” --> Click on “Auto-fill service” on next screen --> Select “Authenticator”

 

  1. You can sync and autofill these passwords in Microsoft Edge. If you also use Google Chrome on desktop, you can sync and autofill the same passwords using the Google Chrome extension.

 

Prerequisites

Autofill experience is rolling out in Authenticator app on iOS (iOS 12.0 and above) and Android (Android 6.0 and above). To learn more about the autofill feature, visit our FAQs page.

Autofill only works with Microsoft accounts (MSA), and is currently disabled for enterprise users who are using the Authenticator app for Phone sign-in or multi-factor authentication on their enterprise accounts. To allow enterprise users to use this feature on their Authenticator app, click here.

 

We look forward to your feedback!

 

Thanks,

Rajat Luthra (@_luthrarajat)

Senior Program Manager

Microsoft Identity Security & Protection

61 Comments
Iron Contributor

Awsome, looking forward to this one!

Brass Contributor

So... my Microsoft account IS my Azure AD account is my AD on-prem account.  I don't keep a separate Microsoft account for work stuff.  I do have a Microsoft account for my home life.  Are you saying Azure AD accounts that are used for Microsoft services will NOT work?  Is that something that is coming though?  Azure AD would be huge.  AND we need a Windows 10 app as well, right?

Brass Contributor

Sounds good. An app on my mobile that does 2FA and also signs in. However, I have been using LastPass for a while and have passwords in there. If I am going to move over to Edge and Authenticator then I need a way of importing from LastPass. Is there an option for that?

 

 

Brass Contributor

I've been looking forward to this feature for a very long time. The reason I continued to use chrome after edge was released on both desktop and mobile was because my Android password was not synced. Now everything is solved. That's great.

Deleted
Not applicable

This is incredibly cool! I LOVE IT!!! Everyone uses the app anyway and now it will do even more :) How cool is that? Thank you Microsoft and WELL DONE whoever came up with it and implemented it!

 

Happy Azure Stacking!!!

Copper Contributor

Nice feature! Will biometric website login also be part of this or will it simply auto-fill user credentials without the need for FaceID or fingerprint recognition?

Iron Contributor

For Enterprise users, we'll need to be able to import, and export, saved logins so we can migrate to or from other solutions. Would also love to see a feature to share/sync passwords with others, so that a group login can be shared and if updated by one user will update for others. Without these, I don't see much reason for us to switch away from existing options.

Brass Contributor

This is awesome.  I hope in the future there will be a way to also migrate from other current password managers to Microsoft Authenticator.  I've got *A LOT* of passwords in another password manager at the moment, and the thought of having to manually move each one across.....   

Brass Contributor

Will this have other auto fill capabilities? Such as credit card, address etc?

I would find it difficult to change my auto fill provider otherwise. 

Copper Contributor

When will there be support for Azure AD accounts? The support would be essential for the deployment.

Further, Windows 10 needs an app or built-in support for the functionality - not just Edge.

The third must-have is an import function for the popular competitor products like 1Password, LastPass, Dashlane, etc.

Microsoft

@Stephen Townsley, yes, you can import your LP data using the following steps at the moment. We will simplify this further.

 

1. Export LP data to CSV (Link)

2. Get Microsoft Autofill Chrome extension

3. Import #1's CSV in #2's extension after some modifications. The pwds will sync down to your Authenticator.

Microsoft

@James Auman, +1 to your feedback. Thank you for sharing!

 

You should still be able to use Autofill in Authenticator as long as you don't have the AAD account added in Authenticator for AAD authentication.

Microsoft

@IronHorse59, biometrics will be needed for website autofill too on mobile devices. :)

Microsoft

@Noel Fairclough, yes, you can import data from other solutions using our Google Chrome extension. You will find my comment above to Stephen Townsley helpful.

Microsoft

@seolhwa, @Deleted, thank you for making our day with your comments. We are very glad to read that. The teams have worked REALLY hard on this and your comments make us grateful for that opportunity. Thank you!

Microsoft

@chrimorg, feedback noted for enterprise. Thank you!

Microsoft

@Coopem16 , we hear you and have your request on our radar. Thank you!

Copper Contributor

Nice! Where the passwords are stored and how do you protect them ?

Brass Contributor

I have been using this now in preference to LastPass. The authenticator works well on my iphone and edge is working well on my PC. I have an 11 year Macbook too and I tested it with that and edge works fine. 

 

Now there are some issues. Some websites seem to not have username + password. They get the username and then prompt for password after it gets the username. Edge gets confused by this. It would be nice if you could do manual copy/paste. Creating a secure password would be a nice trick too. Just stops password re-use and would be a nice feature. If it's there it isn't obvious. I do have some places where I have more than one username. One for personal and one as part of my work. I would like an easy way to annotate the entry so it shows which I am using. 

 

I switch to an android device occasionally. It's a shame that IOS authenticator backs up to icloud and android backs up to Google Drive. The two authenticators don't seem to have interoperablity on 2FA with your Microsoft id. For my usage case it would be good. 

 

Generally I like the direction of password security. The trust in technology companies over privacy and security has been low. I think if Microsoft got a positive reputation for password management that was easy to use for most people it would be good news. 

Microsoft

@LorisAguilar, the passwords are encrypted and stored on Microsoft servers. The encryption key is only retrieved upon a successful auth by the Microsoft account owner.

Microsoft

@Stephen Townsley, thank you. We're glad you're using Authenticator Autofill in place of other providers. Also, happy to hear that you've been able to sync your data across your Authenticator, PC and Mac.

 

Your observation around websites with different pages for username and password and multiple accounts (personal and work) on Edge is noted along with your request to allow manual copy. Your feedback around Authenticator's different iOS and Android backup mechanisms is also noted. Thank you for sharing that. Please keep the feedback going.

Iron Contributor

The ability to securely share credentials with others in the organisation would solve a big challenge for us

Copper Contributor

I would like the same extension in Firefox.

Microsoft

@gabeweb, noted. Thanks for sharing.

Microsoft

@Ivan Wilson, thanks for sharing. We are looking into it. If there are other unmet enterprise needs you have in this area, we would love to do a deep dive with you and share what we are envisioning. Thank you!

Copper Contributor

Interesting but too limited. My password current manager works across iOS, MacOS, Windows and Android. It has Identities that keep among other items credit card, bank account, personal details, passport and other useful information. Just passwords? Come back when you have a complete package.

Copper Contributor

I had passwords saved via the Microsoft Autofill extension, installed in Edge on my desktop PC, but noticed that after updating Edge to 88.0.705.68, all but the most recently saved password have disappeared (updating Edge meant I was signed out of Autofill and had to sign back in).

 

I checked the Authenticator app on my iPhone and saw that all the saved passwords were still present, although that was short-lived and they all vanished once the Autofill extension synchronised with my Microsoft account.

 

Hoping this is a temporary glitch, because I'm enjoying how seamlessly Authenticator and Autofill work.

Copper Contributor

If only this worked on Android. On my Samsung Galaxy S9 when I try to autofill fields within apps, nothing happens. I have even tried to opt-in to the beta version and no luck.

Copper Contributor

@Rajat Luthra I'm loving this autofill feature in Edge/Authenticator, it's completely replaced my previous (paid) password manager.

 

The only thing that's lacking for me is the ability to automatically generate a secure password when signing up for a service/website. I now have to navigate to another third-party tool to generate a random password.

 

I have 'Suggest strong passwords' enabled in Edge, but that doesn't seem to do anything.

Copper Contributor

There is obviously a big opportunity here with LastPass announcing what is basically the death of the free version. I rolled all my passwords over, but I'm immediately finding some missing features.

 

This desperately needs the ability to generate passwords. This blog post itself mentions that "no human generated password can be unique enough to beat attackers." Yet, this product currently does nothing to help with that.

 

Another feature sorely missing is the ability to copy a password easily. Both the extension and the app make this possible, but cumbersome. Many websites do various login processes that break the flow of auto fill. In those cases it is critically important to be able to copy both the username and password out of the password manager.

 

@Rajat Luthra with LastPass setting up many users to look for an alternative product, can you provide some feedback/timeline on missing features?

Iron Contributor

Autofill refuses to work on Mobile devices if Authenticator is used for organisational accounts. This does not bring it on parity with lastpass, is there a workaround?

Microsoft

@Gregory Suvalian, could you please fill out this form? We might need to allow-list your org.

Microsoft

@claytontlewis@Gerbrand van der Weg, thanks for sharing your feedback. Password gen is on our near-future roadmap. We understand this is a key functionality to close the loop.

Copper Contributor

Microsoft Autofill looks like a nice replacement for Lastpass, but I can't seem to import the exported csv I made from Lastpass. I've even tried the template CSV file to fill that one with some test data, but the tool keeps coming back with:

 

Sorry, we couldn't import your data

File format not supported. Only the files with .csv extension are supported.

 

Any ideas about this? I'm using no weird characters and the file has a .csv extension. Even the standard template file fails to import.

Microsoft

@AkosB, could you pls DM me your work email? If this link does not help, we'd love to understand the issue you are facing.

Copper Contributor

That link is what I used. I have sent you my work mail:)

Copper Contributor

I tried from another laptop to import the data into the Edge autofill extension, and now it works! And my authenticator on my phone has the same passwords. Fantastic!

 

Indeed like the previous posts said: Please provide a password generator, and it would be great if there was an export function too (that would ask for authentication before it would let me export the data). Other than that, awesome stuff!

Copper Contributor

I've had zero luck getting this to work on my Samsung S21 Ultra. The password tab is showing and I've imported from Chrome but haven't seen it work. Autofill provider is set as Microsoft Authenticator. Perhaps not compatible yet?

Copper Contributor

@RGFUK have the same issue here. Passwords are there in the Authenticator app, they even work in Chrome desktop (with the extension), but not on Edge (Chromium) desktop!!! Wtf?!

Are we supposed to keep Chrome-only for this feature?

Microsoft

@marcelovital and @RGFUK, we are looking into this issue.

Copper Contributor

I like the idea that you have a single source and tool for authentication across multiple platforms, but so far the lack of password generation, lack of export possibilities (= vendor lock-in) and also categorization of your secrets made me look for other alternatives for Lastpass. I went to Bitwarden and that has everything and more. Once autofill/authenticator reaches maturity instead of minimum viable product, I'll definitely check it out!

Copper Contributor

@Rajat Luthra 
LastPass user looking to make the switch here.  I agree with others that the current feature set is too limited.  Personally, I would like to see the following by order of importance:

  1. Password generation
  2. Adding new accounts on mobile
  3. Ability to export passwords
  4. Password folders
  5. Password sharing for families
  6. One-Time Password (OTP) Access
  7. Emergency Access
  8. Password security review/scoring

That said, I am excited to see Microsoft make inroads in this critically important area.  Unfortunately, passwords are not going away, and I'm not excited to have to pay almost $50 a year now (LastPass) just to be secure across my devices.  Security should be a right, not a privilege.  Thank you for your efforts in this space.

Copper Contributor

Thanks to @Rajat Luthra and team for investigating the password synch issued I mentioned on 13th Feb. The Autofill extension in Edge was updated to version 1.0.1, and I'm now seeing passwords synchronised successfully with Microsoft Authenticator on my iPhone.

 

@marcelovital are you still experiencing the synch problem, or has it also been resolved by the update to the Autofill extension?

Copper Contributor

@Rajat Luthra @unclerunkle eventually it might also be nice to see detection of leaked credentials, or for example integration with Troy Hunt's Have I Been Pwned? service ( https://haveibeenpwned.com/API/v3 ). I believe 1Password currently offers that integration through its Watchtower feature.

Copper Contributor

@RGFUK no, I didn't see any change in behavior. When you mention an Autofill extension update, is there any manual step I need to take?
When going to the "about" page I only see this

marcelovital_0-1614354792232.png

 

Copper Contributor

@marcelovital no manual step that I'm aware of in the Autofill extension's settings. I had an update pending in Edge (an amber/orange icon shown in the top right corner of a browser tab), and after quitting Edge and restarting, a pop-up was shown briefly indicating Autofill had been updated.

 

@Rajat Luthra I spoke too soon about the problem being resolved, as this afternoon Edge updated to v88.0.705.81, and looking at Autofill's saved passwords now shows none are there (which wasn't the case this morning!).

Copper Contributor

@Rajat Luthra How about a feature to be able to share passwords with family members or other microsoft accounts? Is that being considered?

Copper Contributor

After having played around with Authenticator as a password manager a couple of days my comments and questions are as follows:

- the iOS implementation is outstanding, it works flawlessly and was easy to setup and use

- in a Windows browser (Edge, Chrome + extension) it also works OK

- it does not seem to be ready on Android. Authenticator intervened on some apps, but not on all. It intervened in the Chrome browser when I swiped downwards on the page, never when I clicked in the userid field. Never did it offer to search through the saved passwords, like it does on iOS.

Question: When will we see a fully working implementation on Android?

Rgds Lars

 

 

 

Copper Contributor

Love where Microsoft is taking passwordless, Microsoft authenticator, password sync, etc.   When will Microsoft Authenticator app support Azure AD based work or school accounts for password sync and backup? 

Copper Contributor

Had some issues with importing but I think that had to do with the fact that I cleaned up my NordPass export file (it contained more than passwords) in Excel, which decided to add some "-signs here and there when my actual password contained that character.

 

One thing I'm wondering about is the use of "name" column. The name I have for the sites doesn't show up anywhere. Some sites have a different name than the URL you're accessing when logging in. Would make it easier to find the record in the long list of passwords if you could see the name.

 

I also agree with several other commenters here that other password managers e.g. LastPass, NordPass and Dashlane all have more features that would be nice to have. I'm thinking of secure notes, credit card information etc. But the two major things that need to be implemented soon are password generator and the function to copy username/password easily.

Version history
Last update:
‎Dec 16 2020 08:47 AM
Updated by: