We’re only days away from the Microsoft Authenticator app no longer managing passwords. 

As of this Friday, you won’t be able to save or manage passwords, use two-factor authentication or auto-fill. And it won’t be your go-to password manager anymore, either. 

Earlier this summer, Microsoft announced it was moving from passwords to passkeys. So instead of creating a password with a mix of letters, symbols and numbers, you’ll use PINs, fingerprint scans, facial recognition or a pattern on your device’s lock screen to log in to your accounts. 

Passkeys are a safer alternative to the risky password habits we use, according to Attila Tomaschek, a CNET software senior writer and digital security expert. CNET’s password survey found that 49% of US adults have bad password habits. And using the same password for several accounts or one that’s easy to guess can put you at risk of hackers stealing your data. 

Yet, the switch to a new login process is coming up quickly. So it’s time to figure out how passkeys will work with Microsoft and to pick a new password manager. Here’s what you need to know to get started. 

Microsoft Authenticator will stop supporting passwords on Aug. 1

Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you’re logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator.

As of this month, you won’t be able to use the autofill password function. And starting Aug. 1, you’ll no longer be able to use saved passwords.

If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. «Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts,» Tomaschek said.

Why passkeys are a better alternative to passwords

So what exactly is a passkey? It’s a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That’s generally safer than using a password that is easy to guess or susceptible to a phishing attack.

«Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks,» said Tomaschek. 

Passkeys aren’t stored on servers like passwords. Instead, they’re stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager.

How to set up a passkey in Microsoft Authenticator

Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. «If you have a password and ‘one-time code’ set up on your account, we’ll prompt you to sign in with your one-time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey,» according to the blog post.

To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select «Set up a passkey.» You’ll be prompted to log in with your existing credentials. After you’re logged in, you can set up the passkey.

Other password manager alternatives 

Since Microsoft will get rid of all of your passwords in two weeks, you’ll need a new place to store your passwords safely. Tomaschek has a few of the best password manager recommendations after testing and reviewing several. 

The top recommendation is Bitwarden for its transparency. It’s open-source and audited annually. From a price perspective, the free plan lets you store infinite passwords across unlimited devices. The free plan also includes features most password managers would charge for, including password sharing and a username and password generator. 

Bitwarden’s upgraded plans have other upgraded features that could be worth the cost, too. 

Personally, Tomaschek has been using 1Password for a while, and he likes the interface and family plan. Even though it’s second on the list, Tomaschek says it’s just as good as Bitwarden. 

Tea, a women’s dating safety app that recently surged to the top of the free iOS App Store listings, suffered a major security breach last week. The company confirmed Friday that it «identified authorized access to one of our systems» that exposed thousands of user images. And now we know that DMs were accessed during the breach, too.

Tea’s preliminary findings from the end of last week showed the data breach exposed approximately 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages.

Those images had been stored in a «legacy data system» that contained information from more than two years ago, the company said in statement. «At this time, there is no evidence to suggest that current or additional user data was affected.» 

Earlier Friday, posts on Reddit and 404 Media reported that Tea app users’ faces and IDs had been posted on anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver’s licenses and pictures of people’s faces are in the leaked data.

And on Monday, a Tea spokesperson confirmed to CNET that it additionally «recently learned that some direct messages (DMs) were accessed as part of the initial incident.» Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher discovered it would have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app.

Tea said it has launched a full investigation to assess the scope and impact of the breach.

Class action lawsuit filed

One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged «failure to properly secure and safeguard … personally identifiable information.»

«Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea’s users based on metadata contained from the leaked images,» the complaint alleges. «Thus, instead of empowering women, Tea has actually put them at risk of serious harm.»

Tea also has yet to notify its customers personally about their data being breached, the complaint alleges. 

The complaint is seeking class action status, damages for those affected «in an amount to be determined» and certain requirements for Tea to improve its data storage and handling practices.

Scott Edward Cole of Cole & Van Note, the law firm representing Reyes, told CNET he is «stunned» by the alleged lack of security protections in place.

«This application was advertised as a safe place for women to share information, sometimes very intimate information, about their dating experiences. Few people would take that risk if they’d known Tea Dating put such little effort into its cybersecurity,» Cole alleged. «One chief goal of our lawsuit is to compel the company to start taking user privacy a lot more seriously.»

Tea didn’t immediately respond to a request for comment on the class action lawsuit.

What is the Tea app?

The premise of Tea is to provide women with a space to report negative interactions they’ve had while encountering men in the dating pool, with the intention of keeping other women safe. 

The app is currently sitting at the No. 2 spot for free apps on Apple’s US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men’s privacy. Following the news of the data breach, it also plays into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users.

In the privacy section on its website, Tea says: «Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.»

Lies of P is an award-winning game that reimagines the story of Pinocchio as a soulslike action roleplaying game set in a grimy world overrun by killer mechanical puppets. And starting Aug. 5, all PlayStation Plus subscribers will be able to play that award-winning game, and others, at no additional cost. 

PlayStation Plus is Sony’s version of Xbox Game Pass, and it offers subscribers a large, constantly expanding library of games. Subscribers can choose from the Essential, Extra and Premium tiers, which each have unique perks and benefits. The plans start at $10 a month, and each tier gives subscribers access to monthly games and rewards.

Here are the games all PS Plus subscribers can play starting Aug. 5. You can also check out the games Sony added to the PS Plus Game Catalog in July, including Cyberpunk 2077.

Lies of P

This is a macabre soulslike game akin to Bloodborne and based on Carlo Collodi’s classic tale, The Adventures of Pinocchio. Puppets have torn the city of Krat apart, and you play as Pinocchio as he searches for Geppetto in the grisly, oil-stained city. You’ll encounter traps, twisted contraptions and maniacal humans in your search throughout the city, and maybe you’ll find what it means to be human along the way.

DayZ

Can you survive the zombie apocalypse? DayZ places you and dozens of other players into a dense 163 square-kilometer (about 63 square-mile) map filled with zombies and materials you’ll need to last. And with no checkpoints or saves, you’ll need to work together; otherwise, you’ll have to start all over. 

My Hero One’s Justice 2

This over-the-top fighting game is the sequel to the arena fighting game My Hero One’s Justice. In this game, you can fight as — or against — many of the characters from the popular anime series My Hero Academia, including All Might, Endeavor and Fat Gum. You’ll use your characters’ Quirks — or unique powers —  to overcome your opponent’s abilities and win these epic clashes.

For more on PlayStation Plus, here’s what to know about the service and a rundown of PS Plus Extra and Premium games added in July. You can also check out the latest and upcoming games on Xbox Game Pass and Apple Arcade.