Microsoft has announced that it will stop sending SMS codes for authentication and account recovery on personal Microsoft accounts, replacing them with more secure options like passkeys, authenticator apps, and verified email addresses, as reported by Windows Central.
"Microsoft believes that the future of authentication is passwordless, secure, and user-friendly."
According to Microsoft, SMS-based authentication is "a leading source of fraud, and by moving to passwordless accounts, passkeys, and verified email, we're helping you stay ahead of evolving threats while making account access simpler and more seamless".
However, what is not outlined in the security advisory documentation highlighting the change, is when Microsoft plans to completely phase out SMS codes for Microsoft account sign-in.
Microsoft is seeing passkeys as the better, faster, and more secure option for authentication and account recovery on personal Microsoft accounts, because they provide a "phishing-resistant way" to sign in using your device's built-in authentication, like Face ID, fingerprint, or PIN.
Users are still be able to recover their Microsoft account even if their phone is lost or stolen, since this can be done with a verified email and passkey (as alternative recovery options).