by Dan Moren
Microsoft is getting rid of SMS two-factor codes
Microsoft believes that the future of authentication is passwordless, secure, and user-friendly.
SMS-based authentication is now a leading source of fraud, and by moving to passwordless accounts, passkeys, and verified email, we’re helping you stay ahead of evolving threats while making account access simpler and more seamless.
Good. Hopefully this is a trend that more and more companies get onboard with, along with passkey adoption.
I’ve long appreciated Apple’s long-time feature to autofill (and auto-delete) codes via SMS has been a great stop-gap, but we should stop relying on SMS for these things altogether.
Apple itself largely does not use SMS as an authentication method, though I believe it’s still available as a fallback for your Apple account (there’s a trusted phone number listed that can be used to recover your account if needed.) By and large, though, the company has just sent codes to your various devices, though it also allows for the use of hardware security keys for iCloud. And, of course, the company has been at the forefront of passkey implementation.