Microsoft Preparing to Phase Out SMS Codes for Account Logins

Microsoft is reportedly preparing to discontinue SMS-based verification codes for Microsoft account logins, continuing the company’s broader push toward passwordless authentication and passkey adoption.

The move follows Microsoft’s increasing focus on passkeys as the preferred login method across Windows and other Microsoft services.

Microsoft Wants Users to Move Away From SMS Authentication

For years, Microsoft accounts allowed users to verify logins using six-digit security codes sent through text messages. However, reports now suggest the company plans to phase out SMS verification in the near future.

Although Microsoft has not announced an exact shutdown timeline, the company is reportedly encouraging users to transition to passkeys as soon as possible.

The shift aligns with Microsoft’s broader security strategy introduced over the past year, including efforts to make passkeys the default authentication method for newly created accounts.

Passkeys Designed to Be More Secure Than Passwords

Unlike traditional passwords or SMS verification systems, passkeys rely on paired cryptographic credentials.

One key remains securely stored on the user’s device and is typically protected through biometrics such as fingerprint scanning, facial recognition or local PIN authentication. The second key is stored by the online service itself.

Because both keys are required during authentication, passkeys are considered significantly more resistant to phishing attacks, credential theft and SIM-swapping scams compared to SMS-based verification.

Microsoft has previously warned that text-message authentication remains one of the most commonly exploited forms of account fraud.

Questions Remain for Edge Cases and Virtual Machines

Despite the security advantages, some uncertainty remains regarding situations where passkeys may not function easily, such as virtual machine environments or temporary device access scenarios.

As of now, Microsoft has not fully explained how authentication will operate in cases where users cannot rely on local biometric hardware or stored device credentials.

The company appears committed to accelerating passwordless login adoption regardless, reflecting a larger industry trend as major technology companies increasingly move away from passwords and SMS verification systems.

Google, Apple and other major platform providers have also expanded passkey support over the past two years as part of wider efforts to modernize consumer account security.