Microsoft Abandons SMS Authentication for Personal Accounts, Mandates Passkeys
Microsoft is officially phasing out SMS-based verification for personal Microsoft accounts, forcing users to adopt passkeys for login security. The company confirmed the move in a recent update, citing SMS as a leading source of fraud.
Effective immediately, new account creations already require passkeys, and existing users will lose the SMS option in the coming months. Microsoft has not provided a precise timeline but warned users to migrate as soon as possible.
Expert Reactions
"SMS-based authentication is now a leading source of fraud," Microsoft stated in a security blog post, emphasizing the vulnerability of six-digit codes sent via text message. Cybersecurity analyst Dr. Elena Torres of CyberSafe Institute added: "Passkeys are far superior—they combine a device-bound private key with biometric verification, eliminating the risk of interception or phishing."

"Switching to passkeys is the smartest move you can make for digital security," said Windows security editor Mark Liu. "If you're still using SMS codes, you're exposed to SIM swapping and message interception."
Background
For years, Microsoft allowed users to authenticate logins by receiving a six-digit code via text message. However, the company has been gradually steering users toward passkeys, which rely on a key pair: a private key kept on the user's device and unlocked with biometrics or a PIN, and a matching public key held by the service.
Unlike passwords, passkeys cannot be stolen or guessed because the private key never leaves the device. Microsoft began forcing passkeys for new accounts over a year ago and now extends that requirement to all personal accounts.
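The sketch below is an added example, not code from Microsoft or from this article: a simplified WebAuthn-style exchange in Node.js showing the checks a service runs on a passkey login, and why a signature made for another origin or an earlier challenge is rejected. The relying-party name `login.example`, the lookalike origin and all function names are constructed for illustration, and the authenticator data is reduced to an RP ID hash plus a flags byte.

```javascript
// Added illustration of a simplified WebAuthn-style login check; not Microsoft's code.
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// Constructed relying party; both values are placeholders.
const RP_ID = 'login.example';
const RP_ORIGIN = 'https://login.example';
// Registration: the key pair is generated on the device, the service keeps only the public key.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Device side. The browser, not the page, fills in the origin that asked for the signature.
// (Real browsers also refuse to offer the credential when the origin does not match the RP ID.)
function signAssertion(device, challenge, browserOrigin) {
  const fields = { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin: browserOrigin };
  const clientData = Buffer.from(JSON.stringify(fields));
  // Simplified authenticator data: SHA-256(RP ID) + flags (0x01 user present | 0x04 user verified).
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05])]);
  const signed = Buffer.concat([authData, sha256(clientData)]);
  return { clientData, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Service side: returns 'ok' or the name of the first failed check.
function verifyAssertion(server, expectedChallenge, { clientData, authData, signature }) {
  const cd = JSON.parse(clientData.toString());
  if (cd.type !== 'webauthn.get') return 'wrong-type';
  if (cd.challenge !== expectedChallenge.toString('base64url')) return 'stale-challenge';
  if (cd.origin !== RP_ORIGIN) return 'wrong-origin';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong-rp';
  if ((authData[32] & 0x04) === 0) return 'user-not-verified';
  const signed = Buffer.concat([authData, sha256(clientData)]);
  return crypto.verify('sha256', signed, server.publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { device, server } = registerPasskey();
  const challenge = crypto.randomBytes(32);
  const good = signAssertion(device, challenge, RP_ORIGIN);
  const other = signAssertion(device, challenge, 'https://login.example.lookalike.test');
  const edited = { ...other, clientData: Buffer.from(other.clientData.toString().replace('.lookalike.test', '')) };
  return {
    legitimate: verifyAssertion(server, challenge, good),            // ok
    signedElsewhere: verifyAssertion(server, challenge, other),      // wrong-origin
    originRewritten: verifyAssertion(server, challenge, edited),     // bad-signature
    replayed: verifyAssertion(server, crypto.randomBytes(32), good), // stale-challenge
  };
}
console.log(demo());
```

A six-digit SMS code carries no origin or per-login challenge, so none of the three rejections above has an equivalent for it.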
What This Means
Users must set up passkeys immediately to avoid being locked out of their accounts. The process is straightforward: go to your Microsoft account security settings and link a device—phone, laptop, or tablet—via facial recognition, fingerprint, or PIN.

However, challenges remain for users on virtual machines or devices without biometric support. "There's no clear answer for those cases yet," noted TechCrunch reporter Sarah Kim. "Microsoft seems keen on enforcing passkeys universally, but we'll have to wait for their resolution."
Bottom line: prioritize migrating from SMS to passkeys now to stay secure and avoid service disruption. For a complete guide, see our step-by-step instructions. For deeper insight, read "I was a passkey skeptic. Now I'm a believer."
How to Set Up Passkeys for Microsoft Accounts
- Sign in to your Microsoft account at account.microsoft.com/security.
- Under "Advanced Security Options," select "Add a new way to sign in or verify."
- Choose "Windows Hello" or "Security Key"—both support passkeys.
- Follow on-screen instructions to register your device with biometrics or PIN.
Further Reading
See why many skeptics have changed their minds: "I was a passkey skeptic. Now I'm a believer."