Overview
- Microsoft confirmed it will stop sending text-message codes for personal Microsoft accounts and will phase out SMS for sign-in and account recovery.
- Users are being moved to passwordless options such as passkeys, the Microsoft Authenticator app, and a verified backup email address.
- Passkeys store a cryptographic key on your device and use your face, fingerprint, or a device PIN to prove it is you, which makes phishing much harder.
- Windows 11 will prompt personal account holders with a "Sign in faster with your face, fingerprint, or PIN" screen to set up a passkey and verify a backup email.
- Microsoft has not given a cutoff date and reports flag gaps for edge cases like virtual machines or devices without biometrics or security keys.