Time to Switch: How to Set Up Passkeys Before Microsoft Ditches SMS 2FA Logins
Microsoft is phasing out SMS-based two-factor authentication for local account logins due to security vulnerabilities. The company is promoting the use of passkeys as a more secure alternative, which utilize biometric data or local security features. While passkeys enhance security, they may not always be as convenient as SMS for some users.
- ▪Microsoft is moving away from SMS-based two-factor authentication due to its vulnerability to fraud.
- ▪Passkeys will replace SMS as a method of authentication for Microsoft accounts.
- ▪Users will soon be prompted to set up a passkey if they do not have one.
Opening excerpt (first ~120 words) tap to expand
Microsoft is continuing its passkey push by moving away from SMS-based two-factor authentication for local account logins, citing its vulnerability to exploitation and fraud. Instead, it wants everyone to start using passkeys (and eventually, ditch passwords altogether).Although text messages have proved a useful way to add an extra layer of security to account logins, they were never designed for this purpose. SMS messages are sent in plaintext, making them a vulnerable vector for man-in-the-middle and number spoofing attacks."Microsoft is committed to advancing security standards and as such, we will start phasing out SMS as a method of authentication and account recovery for personal Microsoft accounts," Microsoft said in an official advisory.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at PCMag.
Discussion
0 commentsMore from PCMag
