If you have a Microsoft account that uses SMS for two-factor authentication, you’ll soon need to choose a more secure method to log in. Reported by Windows LatestThe company is removing text-based authentication codes for personal accounts, saying this is “now a leading source of fraud.” Users will be prompted to set a passkey instead.
Microsoft is trying to eliminate passwords
Microsoft has already begun moving toward a password-less environment — last year, the company said Passkey is made default On new accounts at setup time. Now, it’s phasing out 2FA and SMS codes for account recovery in favor of passkeys, authenticator apps, and verified backup email addresses.
SMS codes are quick to set up and convenient to use. However, they are also in between The least secure forms of multi-factor authentication (MFA), as they are highly vulnerable to phishing and SIM swapping attacks. Authenticator apps (which generate a temporary code that changes every 30 seconds) may be a bit better, but the best MFA option is one based on WebAuthn credentials, such as biometrics and passkeys.
Passkeys Use your device’s built-in authenticationsuch as face scan, fingerprint scan or PIN. They can also be synced across devices via password management services. Once you’ve established your passkey, you can authenticate logins anywhere using one of these methods on your trusted device. Passkeys can’t be phished or stolen, and they only work on the legitimate domain they’re created for (so they won’t prompt you to authenticate if you’re trying to log into a fake site). They also require that your trusted device be physically close to the device you’re logging in to, so it can’t be used to remotely access your accounts.
What do you think so far?
While there doesn’t appear to be a set date for SMS authentication to be phased out, Microsoft users should expect to transition to an alternative method soon.
