Microsoft has retired the master password feature for its Edge browser from June 4, requiring users to use device-based authentication such as Windows Hello to access saved passwords.
The change affects Edge’s built-in password manager, where a master password could previously be used as an additional gate to stored credentials. With the update, access shifts to device authentication methods including a PIN, fingerprint, or facial recognition, depending on the configuration of Windows Hello.
The move is part of Microsoft’s broader push toward passwordless authentication across its ecosystem. NordPass VP of engineering Ignas Valancius said the change “isn’t just changing a setting — they’re forcing a change in habit,” and argued that while passkeys and biometrics can be more secure and convenient, a sudden transition may frustrate users who prefer password-based workflows.
Valancius said users who want to keep using a master password can switch to third-party password managers, while also pointing to security risks associated with password reuse and minor variations across services.
According to Valancius, Microsoft began phasing out password-based authentication last year, starting with its Authenticator app, with passwords and autofill moved into Edge’s password manager. He said Microsoft removed support for creating new master passwords at the end of February 2026, allowing existing master passwords to continue working until June 4.
Valancius also cited research from NordPass that said the average number of passwords managed by an individual dropped from 168 in 2024 to 120 in 2026, with work-related passwords falling from 87 to 67. He attributed the decline to increased use of single sign-on and wider adoption of alternatives such as passkeys and WebAuthn.
