Key facts
- Microsoft is phasing out SMS codes for personal account sign-ins and recovery.
- The company cites security risks such as SIM-swap scams and phishing as reasons for the change.
- Users will be encouraged to use passkeys and verified email instead of SMS codes.
- This change impacts users of Outlook, OneDrive, Windows, and Xbox.
- Passkeys use cryptography and are tied to a user's device, making them harder to steal than SMS codes.
Microsoft's decision to move away from SMS codes for account authentication stems from the increasing vulnerability of text-based codes to various scams, including SIM-swap attacks and phishing. These methods allow malicious actors to intercept or trick users into revealing codes, gaining unauthorized access to sensitive accounts. By promoting passkeys and verified email, Microsoft aims to bolster account security and protect users' digital lives from rapidly evolving cyber threats.