VERIFIEDBy Xavier Rivera· ·2 min read

Microsoft Phases Out SMS Authentication for All Accounts

Microsoft is phasing out SMS authentication and account recovery for all personal Microsoft accounts, including those used with Xbox, citing it as a leading source of fraud. The change promotes more secure passwordless options like passkeys to counter phishing and SIM-swap attacks while simplifying access.

Source:Pure Xbox

Post

Microsoft Phases Out SMS Authentication for All Accounts

TL;DRAI · 60 sec read

Microsoft is officially phasing out SMS authentication and account recovery as an option from everyone's personal Microsoft account. The change directly affects Xbox accounts as well. The company states that SMS-based authentication is now a leading source of fraud.

Instead of receiving texts with a six-digit code to prove identity during sign-in, Microsoft is directing users toward other methods such as passkeys. These allow sign-in using Face ID, fingerprints and PIN numbers. Many people already rely on the Microsoft Authenticator app for their Xbox accounts, and the company indicates this will continue to function as normal.

Microsoft believes that the future of authentication is passwordless, secure, and user-friendly.

"Microsoft is committed to advancing security standards and as such, we will start phasing out SMS as a method of authentication and account recovery for personal Microsoft accounts," the company said. "Microsoft believes that the future of authentication is passwordless, secure, and user-friendly. SMS-based authentication is now a leading source of fraud, and by moving to passwordless accounts, passkeys, and verified email, we're helping you stay ahead of evolving threats while making account access simpler and more seamless."

SMS authentication is vulnerable to phishing and SIM-swap attacks. Microsoft is replacing it with passkeys and verified email for better protection and convenience. Passkeys provide a modern, phishing-resistant way to sign in using a device's built-in authentication such as Face ID, fingerprint or PIN. They are described as faster and more secure than passwords or SMS codes.

SMS-based authentication is now a leading source of fraud, and by moving to passwordless accounts, passkeys, and verified email, we're helping you stay ahead of evolving threats while making account access simpler and more seamless.

Recent updates to Microsoft account sign-in now support passkeys with device biometric authentication, making phishing virtually impossible. The official Microsoft Support website offers details on protecting a Microsoft account. Users are advised to check the Security section of their Microsoft account dashboard to review current settings.

Xbox owners have occasionally lost access to digital game libraries after accounts were hacked. The company recommends reading the "How to help keep your Microsoft account secure" page on its website to improve settings and avoid potential fraud. The shift underscores Microsoft's commitment to passwordless authentication across personal accounts.

EXPERT TAKE

Expert Take: Cloud admins should audit Microsoft account security settings now to migrate users to passkeys and Authenticator before SMS options disappear entirely.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported

CoffeeSupport →Follow@thecircuitry_ →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Support →

Microsoft Xbox Security Authentication

MORE IN TECH

CISA Warns Hackers Exploit Patched SolarWinds Serv-U Flaw

CISA warned that hackers are actively exploiting a recently patched high-severity flaw in SolarWinds Serv-U software to crash servers and added it to its Known Exploited Vulnerabilities Catalog. The agency ordered federal agencies to patch by June 19 and urged all organizations to mitigate the ongoing attacks immediately.

S&P 500 Rejects Fast-Track for SpaceX and AI Firms

S&P Dow Jones Indices refused to waive seasoning, profitability, or public float rules for SpaceX's IPO, blocking accelerated S&P 500 entry that could have unlocked billions in passive funds. The same barriers now apply to expected IPOs from OpenAI and Anthropic, limiting exposure of retirement assets to unprofitable AI bets.

New York Passes One-Year Moratorium on New Large Data Centers

New York lawmakers approved a one-year moratorium on new large data centers, the first such statewide measure if signed by Governor Hochul. The pause aims to study environmental and energy impacts amid growing AI-driven demand.