Microsoft has announced that its new Authenticator App will also work as a password manager which will allow passwords to be synced across desktop and mobile devices (iOS and Android) as well as Edge and Google Chrome browsers.
Free Authenticator
The free Microsoft Authenticator app is currently only available as a public preview version in Microsoft accounts (MSA) but not for Azure AD-based work or school accounts. Users will also need to enable Authenticator as the default autofill by going to the settings of a device (iOS or Android).
Security and Convenience
The Authenticator app is designed to allow users to autofill strong passwords without having to remember them, thereby improving security, and to sync passwords across devices to allow users the convenience of seamlessly auto-filling passwords as they move across devices. These passwords are synced using Microsoft account (outlook.com, hotmail.com, live.com, etc.), which means that they are also available on the user’s desktop with Microsoft Edge and the new Google Chrome extension.
Rumours
Back in January, prior to the pandemic, there were rumours that Microsoft was planning to launch a new consumer/home-focused edition of Office 365 in the spring called “Life” and that this edition was to include a full password manager. The pandemic appears to have put this idea on hold.
Changed Password Policy
Back in April last year, Microsoft indicated that it was moving away from policies that enforced periodic password changes on users of Windows systems following scientific research which called into question the value of many long-standing password-security practices and highlighted better alternatives e.g., enforcing banned-password lists (like Azure AD password protection) and multi-factor authentication.
Password Managers
Even though the Microsoft Authenticator works as a password manager, there are, of course, other password managers available many of which are already being used by businesses and consumers. These include Keeper (good for cross-platform uses), LastPass, Dashlane, and LogMeOnce.
What Does This Mean For Your Business?
Most businesses know that strong passwords and multi-factor authentication are important to help maintain security but that constantly having to update passwords to strong versions that aren’t easy to remember can be annoying, disruptive and can waste time at important moments. Also, using multiple devices can mean that a password change on one where there is no syncing means problems logging in and/or having to change the login again on another device. Having a tool like the free Microsoft Authenticator app’s built-in, cross-platform password manager that syncs across devices could therefore offer considerable convenience as well as the obvious security benefits to businesses although it appears that it is not fully available yet. Although there are many good password managers available, it should be remembered that the general move in authentication is towards biometrics e.g., fingerprints and that as this is introduced for more products and services it will provide an even safer and more convenient way of managing login security going forward.