Microsoft Is Ditching SMS 2FA Login Codes, Prioritizing Passkeys Instead
Microsoft is planning to phase out SMS-based two-factor authentication for local account logins due to its security vulnerabilities. The company is advocating for the use of passkeys, which provide a more secure method of authentication. While passkeys are more secure, they may not always be as convenient as SMS codes.
- Microsoft is moving away from SMS-based two-factor authentication due to its vulnerability to fraud.
- The company aims to promote passkeys as a more secure alternative for account logins.
- SMS messages are sent in plaintext, making them susceptible to various attacks.
Opening excerpt (first ~120 words)
Microsoft is looking to move away from SMS-based two-factor authentication for local account logins, citing its vulnerability to exploitation and fraud, according to Windows Latest. Instead, Microsoft wants everyone to start using passkeys (and eventually, ditch passwords altogether).

Although text messages have proved a useful way to add an extra layer of security to account logins, they were never designed for this purpose. SMS messages are sent in plaintext, making them a vulnerable vector for man-in-the-middle and number spoofing attacks.

"Microsoft is committed to advancing security standards and as such, we will start phasing out SMS as a method of authentication and account recovery for personal Microsoft accounts," Microsoft said in an official advisory.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at PCMag.