Microsoft Phases Out SMS Codes for Personal Accounts as Passkeys Replace Vulnerable Logins
Updated
Updated · Fox News · Jun 1
Microsoft Phases Out SMS Codes for Personal Accounts as Passkeys Replace Vulnerable Logins
5 articles · Updated · Fox News · Jun 1
Microsoft said personal account users will be steered away from SMS codes for sign-ins and account recovery, with passkeys and verified email becoming the preferred options; no universal cutoff date was given.
SMS authentication has become a major fraud risk because codes can be intercepted in SIM-swap attacks or stolen through phishing, exposing Outlook, OneDrive, Windows, Xbox and Microsoft 365 accounts tied to the same login.
Passkeys let users sign in with a fingerprint, face scan, device PIN or security key, using cryptographic credentials that stay on the device and are harder for scammers to capture than texted codes.
Microsoft said verified email will remain part of recovery, and users are being urged to update backup email addresses, remove old phone numbers, enable Microsoft Authenticator and save recovery codes securely.
As Microsoft abandons SMS codes, will less tech-savvy users be locked out of their own digital lives?
With SMS authentication now obsolete, what is the next security loophole hackers are already preparing to exploit?
Passkeys promise ultimate security, but could they inadvertently trap you inside a single tech giant's ecosystem?
Microsoft to Phase Out SMS Codes by 2026: Passkeys Become Default for Secure Account Authentication
Overview
Microsoft is phasing out SMS-based authentication codes for personal accounts, a move driven by serious security vulnerabilities in SMS, rising fraud, and global regulatory demands for stronger authentication. This shift began with passkeys becoming the default option in May 2025 and expanded through registration campaigns by March 2026. SMS codes are easy targets for phishing and SIM-swapping attacks, leading to unauthorized account access and frequent reliability issues. By adopting passkeys, which use secure cryptographic methods and are resistant to phishing, Microsoft aims to provide safer and more reliable sign-in experiences, aligning with new security standards and improving user protection.