"Account names for all accounts in the Authenticator app—including work or school accounts, Microsoft personal accounts, and non-Microsoft accounts (such as Amazon, Google)—will be securely backed up using iCloud and iCloud Keychain," reads the Microsoft announcement. Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. Previously, the Microsoft Authenticator app required iOS users to sign in with a personal Microsoft Account to enable backups, regardless of whether they were using the app for personal or enterprise credentials. Microsoft says this new feature will begin rolling out in September and will be finished by early October 2025, with users being shown a notification about the new experience in the app, as shown below. The new backup system will continue to use the signed-in iCloud account to store the backups, but no longer with the requirement to use a Microsoft account. The company stresses that only TOTP secrets will be backed up and no other credentials, and that users can disable the backup feature through the iCloud settings on their device. Microsoft says this feature will only be available to users running iOS 16.0 or later with iCloud and iCloud Keychain enabled. The feature comes after Microsoft's recent announcement they are removing the password autofill and management functionality from Authenticator. Microsoft says that this feature will automatically roll out to all users with no admin action required.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 09 Jul 2025 22:40:12 +0000