Summary
- Microsoft will stop using SMS for personal 2FA, calling it insecure and prone to fraud.
- Microsoft will push password-free options, such as passcodes and verified email, to improve security and user experience.
- SMS 2FA has become a major attack vector; staying away from it makes it harder for hackers to access accounts.
While having two-factor authentication (2FA) enabled is always more secure than not having it, not all methods are created equal. We’re used to the trusty SMS 2FA method, where a company sends you a text message during the login process and asks you to enter a code. However, when a security measure lasts long enough without any major renewal, bad actors find ways to get around it.
While SMS 2FA was once a bastion of protection, it has now become one of the main attack vectors used by bad actors to break into accounts. As such, Microsoft has announced that it will completely remove SMS 2FA and opt for email and passcode verification.
Microsoft is getting rid of SMS-based 2FA methods
The company believes they are too insecure.
As spotted by Latest Windows, Microsoft has published documentation outlining what it plans to do with 2FA in the future. Titled “Microsoft will stop sending SMS codes for personal accounts”, the document explains the company's reasoning for scrapping the method, and honestly, its reasoning seems pretty valid:
Microsoft believes that the future of authentication is passwordless, secure, and easy to use.
SMS-based authentication is now a major source of fraud, and by moving to passwordless accounts, passcodes, and verified email, we’re helping you stay ahead of evolving threats while making account access simpler and more seamless.
Microsoft isn’t lying when it says it’s focusing on eliminating passwords. In fact, new Microsoft accounts don’t have them by default. By moving to verified emails and passcodes, the company hopes to make life much more difficult for hackers.
Microsoft says people who want to keep their accounts secure should create a passcode. This is a passwordless method where your device and the server you are logging into perform a “secret handshake” that requires no human intervention. This also means that phishers can’t steal the password, because there is no password to steal in the first place.
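To make that “secret handshake” concrete, here is an added example (not Microsoft's code, and a deliberate simplification of how passkey-style logins work): the server holds only a public key and a single-use challenge, the device signs the challenge together with the origin it is actually talking to, and the server checks the signature against its own origin. The origin name, the challenge length and the `|` separator are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
)

// Server stores only the public key and the challenges it has issued: there is
// no password or shared secret, so a stolen copy gives a phisher nothing to replay.
type Server struct {
	origin     string
	pub        ed25519.PublicKey
	challenges map[string]bool
}

func NewServer(origin string) *Server { return &Server{origin: origin, challenges: map[string]bool{}} }
// Enrol generates the device key pair. The server keeps the public half; the
// private half is returned only so the caller can play the user's device.
func (s *Server) Enrol() ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s.pub = pub
	return priv
}

// NewChallenge issues a random nonce that Verify will accept exactly once.
func (s *Server) NewChallenge() string {
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand.Read never returns an error in Go 1.24+
	c := hex.EncodeToString(b)
	s.challenges[c] = true
	return c
}

// Assert is the device side: it signs the challenge together with the origin it
// actually sees, so a signature produced for a look-alike site is useless here.
func Assert(priv ed25519.PrivateKey, originSeen, challenge string) []byte {
	return ed25519.Sign(priv, []byte(originSeen+"|"+challenge))
}

// Verify accepts an unused challenge signed for the server's own origin, then burns it.
func (s *Server) Verify(challenge string, sig []byte) bool {
	if !s.challenges[challenge] {
		return false // unknown or already used: a replayed assertion is rejected
	}
	delete(s.challenges, challenge)
	return ed25519.Verify(s.pub, []byte(s.origin+"|"+challenge), sig)
}
```

Nothing a phisher can capture from this exchange (the challenge, the signature) lets them log in again, and a signature made while the user was on a look-alike domain fails because the server verifies against its own origin.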