Your passwords are about to disappear.
You now have just ten days before Microsoft starts deleting your passwords. Do not leave it too late and be sure to save your data. But before you do, there’s a new warning that might change your mind on what to do next.
First, as to what’s behind Microsoft’s new deletions. The company is on a mission to delete passwords for more than a billion users as the “password era is ending.” As part of that, it has already stoped autofilling passwords from its Authenticator app and in August those passwords will be deleted from its systems.
While Microsoft’s Authenticator will still continue to store passkeys, users are urged to use Edge instead as a password manager, and data will automatically move across. But Proton has now warned that “the direction is clear: core features are being consolidated inside a single ecosystem, with fewer options for users.”
“This isn’t just about passwords,” Proton says, “it’s about control. When switching becomes harder, choice disappears.” The security firm has published a new blogpost in which it warns “Microsoft is pushing users deeper into its walled garden.”
Microsoft confirms that “from August 2025, your saved passwords will no longer be accessible in Authenticator.” It has added a “Turn on Edge” button in Authenticator, and says “your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.”
According to Proton, “this means if you want to keep using Microsoft’s password management features, you’ll need to step further into Microsoft’s walled garden and submit to Edge’s data collection. And while this might look like a technical update, it reflects the inescapable logic of walled gardens: It’s a clear shift toward its own ecosystem that restricts choice under the guise of convenience or security.”
As for Authenticator itself. Proton says it “was a simple, dedicated tool that allowed users to store and autofill logins across platforms. Like most Microsoft products, Authenticator collected data, but wasn’t equipped to track across the internet.”
“You no longer decide how your information is handled or where it’s stored. That decision gets made for you,” Proton suggests. “Microsoft appears to be imitating Google’s playbook with Chrome(new window). It can now tie your accounts to your browsing history and track you much more effectively.”
There is a conflict here. Deleting passwords and replacing them with passkeys is the right answer. Passwords are not secure — even with two-factor authentication (2FA). But Proton says “behind the careful phrasing is a simple truth — features that once worked anywhere now only work wherever Microsoft wants you to be.”
This isn’t just about Microsoft, it’s “a broader pattern in Big Tech. Apple’s passkeys sync exclusively through iCloud. Google continues to tie identity and login services to its entire ecosystem. And now, Microsoft, after attempting to build its own walled gardens with Windows 365 and OpenAI, is limiting password management to Edge.”
So is this a genuine concern — that “gradually choice erodes, and systems that once worked broadly start to work best only when you’re locked inside one company’s walled garden.” To an extent, of course it is. That’s why Apple’s and Google’s walled gardens are under regulatory pressure in the U.S. and Europe. “Once you’re in the walled garden, these companies move swiftly to monetize you at every opportunity.”
But the undeniable truth is that users are more secure within a walled garden ecosystem that makes it difficult if not impossible for attackers to break into a trusted device. That’s Apple’s longstanding mantra and others are catching up fast. Even Samsung is now doing the same with Knox Matrix. Passkeys are one element — the linkage of security to hardware clearly steers towards control by hardware and OS developers.
In the short term, you need to use what’s available and add passkeys to all your key accounts. You should also delete passwords which continue to provide access to your accounts. But you should also keep Proton’s warning in mind. This is about balance.