Microsoft won't send you SMS texts for login anymore - why it's pushing passkeys instead
Briefly

Microsoft is phasing out SMS as an authentication and account recovery method for personal Microsoft accounts. SMS messages are not end-to-end encrypted, so the verification code can be intercepted by attackers. SIM swapping is a common tactic where a hacker uses a stolen SMS code to move a victim’s phone number to a different SIM. After the number is transferred, the attacker can receive SMS authentication messages and take over accounts. Microsoft is moving users toward passkeys and verified email, which provide stronger protection and simpler access. Microsoft states that SMS authentication is a leading source of fraud and is vulnerable to phishing and SIM-swap attacks.
"Microsoft is putting the brakes on SMS-based authentication for anyone who uses a Microsoft account. On a new support page, Microsoft announced that it will start phasing out SMS as an authentication and account recovery method for personal Microsoft accounts. Instead, the company is pushing passkeys, which offer much stronger security."
"No matter which messaging app you use, SMS lacks end-to-end encryption to protect the text during its journey. As such, the message can be intercepted by hackers who then gain access to the included security code. One common tactic is SIM swapping. Here, a hacker who snags your text can use the security code to sign in to your mobile account, thereby convincing your carrier to transfer your number to a different SIM."
"From there, they can receive SMS authentication texts sent to your number, allowing them to take over your personal accounts one by one. 'SMS-based authentication is now a leading source of fraud, and by moving to passwordless accounts, passkeys, and verified email, we're helping you stay ahead of evolving threats while making account access simpler and more seamless,' Microsoft said on its support page."
"'SMS authentication is vulnerable to phishing and SIM-swap attacks. We're replacing it with passkeys and verified email for better protection and convenience.' Microsoft is pushing users to set up a passkey instead when signing in or recovering a Microsoft account."
Read at ZDNET