Microsoft has confirmed that SMS-based authentication and account recovery for personal accounts is on its way out. The company argues that plaintext SMS codes are no longer fit for purpose in secure authentication, particularly now that stronger alternatives are widely available across Windows and mobile platforms.
Redmond had signaled the shift earlier this year, and is now formalizing it through an updated support page.
The company characterizes SMS-based authentication as an active security liability, citing how cybercriminals increasingly exploit plaintext mobile messages to run fraud campaigns. SMS authentication is also susceptible to phishing, SIM-swapping, and other sophisticated attack vectors.
Read more here:
Microsoft is pulling the plug on SMS codes, wants you to switch to passkeys | TechSpot
