\n<\/p>\n
Microsoft starts scrapping 2FA SMS codes.<\/span><\/p>\n getty<\/small><\/div>\n<\/div>\n<\/figure>\n Microsoft has confirmed it is starting to phase out SMS as a method of authentication, as well as account recovery, for all personal Microsoft accounts. If you use SMS as your primary 2FA code delivery mechanism, you had better pay attention and change to something else as soon as possible to prevent login problems down the line. <\/p>\n The short message service has been the default text protocol to send messages between mobile devices for the longest time. But all bad things come to an end, and SMS is truly that as far as security is concerned. That\u2019s what so many people have moved to using encrypted messaging platforms such as WhatsApp and Signal. It\u2019s also why Microsoft has announced that it is scrapping the use of two-factor authentication codes sent using SMS for logging into personal Microsoft accounts. <\/p>\n Forbes<\/span>Microsoft Confirms Surprising Edge Password Security U-Turn<\/span>By Davey Winder<\/span><\/small><\/span><\/span><\/p>\n \u201cSMS-based authentication is now a leading source of fraud,\u201d Microsoft has said, \u201cand by moving to passwordless accounts, passkeys, and verified email, we’re helping you stay ahead of evolving threats while making account access simpler and more seamless.\u201d<\/p>\n That fraud comes in many guises, from attacks targeting senior citizens to SMS pumping attacks that target phone bills, but the type of fraud that Microsoft is addressing with this change is directed at account authentication. It doesn\u2019t take a tech genius to realize that transmitting 2FA codes in plain text, using cellular networks, is hardly the most secure method to do so. Interception and SIM-swap attacks are just two of the risks. But that doesn\u2019t really matter; what does is that there are many more secure methods of receiving 2FA codes, by way of an authenticator app, for example, and many more secure methods for logging in, such as a passkey. There really is no need to be using SMS anymore, especially when those other methods are as easy, if not easier, to use. Microsoft itself has now said <\/a>that it \u201cbelieves that the future of authentication is passwordless, secure, and user-friendly.\u201d<\/p>\n Forbes<\/span>2 New Microsoft Defender Zero-Days Exploited\u2014Patch Now Rolling Out<\/span>By Davey Winder<\/span><\/small><\/span><\/span><\/section>\n Microsoft has confirmed that users signing in to a personal account will be \u201cguided through a simple process to add a verified email and set up a passkey,\u201d so they can both log in and recover the account without using SMS. It is not yet clear what the timeline is for phasing out SMS codes altogether, but I would recommend making the change now to stay on top of things and, it must be said, to improve your security posture at the same time. You can also find out more and register a passkey here<\/a>.<\/p>\n Once you have done so, there will be no more waiting around for those SMS codes to arrive on your smartphone, as signing in with a passkey is pretty much instant; just use your device\u2019s biometrics or PIN. Passkeys are also highly phishing-resistant, while maintaining ease of use even when recovering an account. \u201cPasskeys ensure users can recover access even if they change phone numbers or lose devices,\u201d Microsoft confirmed. So, what are you waiting for?<\/p>\n<\/section>\n<\/div>\nMicrosoft Explains Why It Is Scrapping SMS Authentication<\/h2>\n
Microsoft Says Personal Account Users Should Move To Passkeys<\/h2>\n