Microsoft Finally Ends Using SMS Codes for Account Sign-in — with Passkeys Officially Taking Over
Microsoft is shifting accounts to passkeys and verified email as it phases out SMS, which the company says is a leading source of fraud.
- Microsoft announced it will phase out SMS as an authentication and recovery method for personal accounts, shifting toward passwordless methods like passkeys and verified email to improve security standards.
- SMS messages are sent in plaintext and vulnerable to man-in-the-middle attacks; Microsoft notes they were never designed for security, while passkeys use local biometric or PIN data to confirm identity.
- In an official advisory, Microsoft stated "SMS-based authentication is now a leading source of fraud," while verified email links will remain an option for users unable to access passkey features.
- Users without a passkey will soon be prompted to set one up, though Microsoft has not provided a specific timeline for fully phasing out SMS for personal accounts.
- SquareX researcher Shourya Pratap Singh warned that attackers can fake passkey registrations by intercepting browser workflows, though proponents claim the technology will finally "kill" the password after decades.
19 Articles
19 Articles
Microsoft has officially announced the end of SMS verification codes. According to the company, these codes, used years ago to confirm identity, are being widely used for frauds. Microsoft is...
Microsoft has announced that it will stop sending SMS codes for authentication and account recovery in Microsoft's personal accounts, replacing them with more secure options such as access keys, authentication apps and verified email addresses, according to Windows Central. "Microsoft believes that the future of authentication is without password, secure and easy to use." According to Microsoft, SMS-based authentication is "one of the main sourc…
This had to happen. Microsoft had already imposed the passkeys on the new accounts a year ago. This time, the signal goes further. In a recently published support page, the company qualifies SMS authentication as the main source of fraud on personal accounts. Why has SMS been a problem for years? [...]
For some time now, it has been possible to authenticate oneself when logging into a Microsoft account using a six-digit code received via SMS. Windows Latest now reports that SMS verification will soon be discontinued. It appears that Microsoft wants users who still rely on SMS verification to switch to passkeys instead. This is not surprising, however, as Microsoft began requiring passkeys for new Microsoft accounts a year ago.
Coverage Details
Bias Distribution
- 34% of the sources lean Left, 33% of the sources are Center, 33% of the sources lean Right
Factuality
To view factuality data please Upgrade to Premium
