Microsoft to End SMS Verification for Personal Accounts

Microsoft is preparing to discontinue SMS-based verification for personal Microsoft accounts, according to a report by Windows Latest. The move is part of the company’s broader push toward passkeys as a replacement for traditional passwords and SMS authentication codes.

Users have long been able to confirm account logins through six-digit verification codes sent via text message. However, Microsoft now appears to be encouraging customers to adopt passkeys instead, continuing a transition that began last year when the company started requiring passkeys for newly created Microsoft accounts.

Why Microsoft Is Promoting Passkeys

Unlike conventional passwords, which can potentially be stolen or guessed, passkeys rely on two separate cryptographic keys. One key is stored securely on the user’s device and protected through biometric authentication such as fingerprint scanning, facial recognition or a PIN code. The second key is managed by the website or service connected to the account.

Both keys are required for a successful login, making passkeys more resistant to phishing attacks and credential theft.

SMS Authentication Seen as Vulnerable

Microsoft has repeatedly warned that SMS-based authentication is no longer considered sufficiently secure. The company has stated that SMS verification has become “one of the primary causes of fraud,” while security experts have also cautioned users against relying on text-message-based two-factor authentication.

The company has not yet announced a specific timeline for when SMS verification will be fully removed, only indicating that the change will happen “soon.” As a result, users who still depend on SMS codes are being encouraged to switch to passkeys as quickly as possible.

Questions Remain About Compatibility

It remains unclear how Microsoft will handle situations where passkeys may not be practical, such as logging into Windows through virtual machines or unsupported devices. Microsoft has not provided details on alternative authentication methods for such cases.

For now, the company appears committed to expanding passkey adoption as part of its long-term account security strategy.