Back to Data Cards

Data Card

Microsoft begins phasing out SMS codes for personal account sign-in and recovery

Microsoft began phasing out SMS-based verification codes for personal account sign-in and recovery, steering users toward passkeys, authenticator apps, and hardware security keys.

2026-05-19CC-BY-4.0passkeyspasswordlessaccount-recovery

About

Key Facts

  • The shift is intended to reduce exposure to SIM-swapping and other telecommunications-channel attacks.
  • Microsoft is positioning FIDO2-compliant passkeys and hardware-backed methods as the preferred recovery and authentication baseline.
  • The move extends passwordless authentication pressure from enterprise environments into consumer account recovery.

Card Text

This is a broad signal for authentication markets because account recovery has often remained dependent on weaker SMS channels even after primary login flows moved toward passkeys or authenticator apps.

Sources