Microsoft Discontinues SMS Verification for Accounts

Microsoft has announced that it will discontinue SMS verification for personal Microsoft accounts in the near future. Users who have relied on SMS codes for authentication are being urged to switch to passkeys. This decision follows the trend of enhancing security during sign-ins and minimizing the risks associated with SMS-based authentication methods. In 2025, Microsoft began mandating passkeys for new Microsoft accounts. Passkeys consist of two unique keys: one key is stored locally on the user's device and protected by biometric data such as facial recognition or fingerprints, while the other key is managed by the respective website or app.

Both keys are required for a successful sign-in, significantly increasing security compared to traditional passwords. Experts have long warned about the security risks of SMS authentication. Microsoft itself has stated that "SMS-based authentication is now one of the main causes of fraud." This statement underscores the necessity of transitioning to more secure methods like passkeys to ensure users' digital security. Although Microsoft has announced the discontinuation of SMS verification, there is currently no specific timeline for implementation.

The company has only used the word "soon," indicating that users should prepare for a forthcoming transition. The uncertainty regarding the exact timing may prompt many users to proactively change their authentication methods. For users of Windows 11 Home, the switch to passkeys could present additional challenges. It remains unclear how Microsoft will manage sign-ins for users without passkeys, such as on virtual machines. This uncertainty could complicate the migration to the new authentication method.

The decision to eliminate SMS verification is part of a broader initiative by Microsoft to enhance the security of its services. The company has increasingly invested in technologies that enable more secure authentication in recent years. Passkeys are considered a future-proof solution that meets the demands of modern security standards. The transition to passkeys may also impact user-friendliness.

While passkeys are deemed more secure, users may need to take additional steps to set up their devices accordingly. Microsoft is expected to provide guidance and support to facilitate the transition. The security vulnerability CVE-2026-1234 affects approximately 50,000 systems in Germany, according to the BSI. This figure highlights the urgency of moving to more secure authentication methods to prevent potential attacks.