{"id":150423,"date":"2026-05-21T13:22:54","date_gmt":"2026-05-21T13:22:54","guid":{"rendered":"https:\/\/christiancorner.us\/index.php\/2026\/05\/21\/microsoft-is-removing-sms-codes-for-two-factor-authentication\/"},"modified":"2026-05-21T13:26:54","modified_gmt":"2026-05-21T13:26:54","slug":"microsoft-is-removing-sms-codes-for-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/christiancorner.us\/index.php\/2026\/05\/21\/microsoft-is-removing-sms-codes-for-two-factor-authentication\/","title":{"rendered":"Microsoft is removing SMS codes for two-factor authentication"},"content":{"rendered":"<p>\n<\/p>\n<div id=\"\">\n<hr class=\"custom-gradient-background my-6 h-(6px) max-w-(75px) border-0\"\/>\n<p>If you have a Microsoft account that uses SMS for two-factor authentication, you may soon have to choose a more secure method to log in. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.windowslatest.com\/2026\/05\/19\/microsoft-is-killing-sms-codes-for-microsoft-account-sign-in-aggressively-pushes-passkeys-on-windows-11\/\" title=\"open in a new window\">Reported by Windows Latest<\/a>The company is removing text-based authentication codes for personal accounts, saying these are &#8220;now a major source of fraud.&#8221; Instead users will be prompted to set a passkey. <\/p>\n<h2 id=\"microsoft-is-trying-to-eliminate-passwords\">Microsoft is trying to eliminate passwords<\/h2>\n<p>Microsoft has already started moving toward a password-less environment \u2014 last year, the company made the passkey the default on new accounts at setup. Now, it&#8217;s phasing out SMS codes for 2FA and account recovery in favor of passkeys, authenticator apps, and verified backup email addresses. <\/p>\n<p>SMS codes are quick to set up and convenient to use. However, they are one of the least secure forms of multi-factor authentication (MFA), as they are highly vulnerable to phishing and SIM swapping attacks. Authenticator apps (which generate temporary codes that change every 30 seconds) may be slightly better, but the best MFA option is based on biometrics and WebAuth credentials like a passkey. <\/p>\n<p>Passkeys use your device&#8217;s built-in authentication, such as a face scan, fingerprint scan, or PIN. They can also be synced across devices through password management services. Once you&#8217;ve established your passkey, you can authenticate logins anywhere using one of those methods on your trusted device. Passkeys can&#8217;t be phished or stolen, and they only work on legitimate domains for which they&#8217;re created (so they won&#8217;t prompt you to authenticate if you&#8217;re trying to log in to a fake site). They also require that your trusted device be physically close to the device you&#8217;re logging in to, so they can&#8217;t be used to access your accounts remotely. <\/p>\n<div class=\"pogoClear relative my-10 border-b-(1.5px) border-t-(1.5px) border-dashed border-black py-5 sm:my-14 sm:border-0 sm:py-0\" data-ga-click=\"\" data-ga-template=\"News\" data-ga-module=\"openweb_widget\" data-ga-element=\"openweb_scroll\" data-ga-item=\"openweb_scroll_midpage\" x-data=\"{&#10;         commentsCount: null,&#10;         hasComments: false,&#10;         async fetchCommentsCount() {&#10;             try {&#10;                 if (window.openweb &amp;&amp; typeof window.openweb.getMessagesCount === 'function') {&#10;                     this.commentsCount = await window.openweb.getMessagesCount('01KS3GQVC37WEVGQ9WA6AAA0SX');&#10;                     this.hasComments = this.commentsCount !== null &amp;&amp; this.commentsCount &gt; 0;&#10;                 }&#10;             } catch (e) {&#10;                 console.warn('Failed to fetch comment count:', e);&#10;             }&#10;         }&#10;     }\" x-init=\"fetchCommentsCount()\" x-cloak=\"\">\n<div class=\"relative flex justify-center\">\n<div class=\"flex max-w-fit items-center gap-x-3 bg-white px-5\">\n<p>            <span class=\"text-sm font-medium text-black\"><\/p>\n<p>                What do you think so far?<br \/>\n                <button class=\"ml-1 font-semibold text-brand-green underline hover:text-brand-green-700\" type=\"button\" aria-label=\"Comment section trigger\" onclick=\"window.openweb.scrollToComments('01KS3GQVC37WEVGQ9WA6AAA0SX')\" x-text=\"hasComments ? 'Post a comment.' : 'Be the first to post a comment.'\"\/><br \/>\n            <\/span>\n        <\/div>\n<\/p><\/div>\n<\/div>\n<p>Although there does not appear to be a set date for SMS authentication to be turned off, Microsoft users should expect this change to an alternative method soon.<\/p>\n<\/p><\/div>\n<p><script>\n            var facebookPixelLoaded = false;\n            window.addEventListener(\"load\", function() {\n                document.addEventListener(\"scroll\", facebookPixelScript);\n                document.addEventListener(\"mousemove\", facebookPixelScript);\n            });\n            function facebookPixelScript() {\n                if (!facebookPixelLoaded) {\n                    facebookPixelLoaded = true;\n                    document.removeEventListener(\"scroll\", facebookPixelScript);\n                    document.removeEventListener(\"mousemove\", facebookPixelScript);\n                    window.zdconsent.cmd.push(function() {\n                        ! function(f, b, e, v, n, t, s) {\n                            if (f.fbq) return;\n                            n = f.fbq = function() {\n                                n.callMethod ?\n                                    n.callMethod.apply(n, arguments) : n.queue.push(arguments);\n                            };\n                            if (!f._fbq) f._fbq = n;\n                            n.push = n;\n                            n.loaded = !0;\n                            n.version = \"2.0\";\n                            n.queue = ();\n                            t = b.createElement(e);\n                            t.async = !0;\n                            t.src = v;\n                            s = b.getElementsByTagName(e)(0);\n                            s.parentNode.insertBefore(t, s);\n                        }(window,\n                            document, \"script\", \"\/\/connect.facebook.net\/en_US\/fbevents.js\");\n                        fbq(\"init\", \"37418175030\");\n                        fbq(\"track\", \"PageView\");\n                    });\n                }\n            }\n        <\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have a Microsoft account that uses SMS for two-factor authentication, you may soon have to choose a more secure method to log in. Reported by Windows LatestThe company is removing text-based authentication codes for personal accounts, saying these are &#8220;now a major source of fraud.&#8221; Instead users will be prompted to set a<\/p>\n","protected":false},"author":1,"featured_media":150427,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[32569,8759,7539,3830,32275,32568],"class_list":["post-150423","post","type-post","status-publish","format-standard","has-post-thumbnail","category-bible-verse","tag-authentication","tag-codes","tag-microsoft","tag-removing","tag-sms","tag-twofactor"],"_links":{"self":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts\/150423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/comments?post=150423"}],"version-history":[{"count":1,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts\/150423\/revisions"}],"predecessor-version":[{"id":150428,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts\/150423\/revisions\/150428"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/media\/150427"}],"wp:attachment":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/media?parent=150423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/categories?post=150423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/tags?post=150423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}