Security shift: Microsoft will remove SMS authentication from personal accounts, including Xbox, due to its susceptibility to phishing and SIM-swap attacks.
Passkey push: Users are encouraged to adopt passkeys, verified emails, or Microsoft Authenticator for more secure, passwordless logins.
Active threats: The FBI warns hackers are exploiting legitimate Microsoft login flows to bypass MFA and hijack Microsoft 365 accounts.
Why Microsoft’s SMS login ban matters now
Microsoft’s decision to retire SMS authentication aligns with growing evidence that SMS codes are vulnerable to fraud, particularly phishing and SIM-swap attacks. The FBI’s recent alert underscores that even MFA can be circumvented if attackers manipulate legitimate login flows. By removing SMS, Microsoft aims to reduce the attack surface for such exploits.
MORE: https://www.msn.com/en-us/news/insight/microsoft-to-phase-out-sms-logins-amid-rising-fraud-risk