Microsoft will release SMS access codes to personal accounts over security risks

If you’ve ever waited for a login code that didn’t appear, you already know the pain. You type your password. Microsoft is asking for a code. Then you stare at your phone like it owes you. Now Microsoft wants to go even further in that direction.

The company says it will issue SMS codes as a way to sign in and get an account for personal Microsoft accounts. Instead, Microsoft wants more people to use passkeys and verified emails. This affects anyone who uses a personal Microsoft account. That would include users of Outlook, OneDrive, Windows, Xbox or Microsoft 365.

That may sound like another tech company forcing you to change your habits. In this case, however, there is a real safety reason behind it. Text message codes have helped make account logins secure for years. They are never designed, however, to protect your digital life. Fraudsters have learned to abuse them, steal them and trick people into giving them away.

SIM SWITCHING KING DROPPED FLORIDA WOMAN’S BANK ACCOUNT IN MINUTES

Join CyberGuy Live: Shut Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)

Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step-by-step through real-time phone security fixes. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and go with a simple checklist to stay protected. Register here: CyberGuyLive.com.

Why Microsoft is moving away from SMS codes

Microsoft says that SMS verification has become a major source of fraud. Text messages can be intercepted, stolen through SIM-swap fraud or captured through phishing attacks. That creates a real problem because your Microsoft account can open a lot. It can connect to Outlook, OneDrive, Xbox, Windows, Microsoft 365 and saved payment information.

Once a hacker gets into that account, the damage can quickly spread. They may read your email, reset some passwords or look at private files stored in the cloud. SMS codes once felt like an extra layer of rigidity. Today, they can give people a false sense of security.

A scammer may call your phone carrier and try to move your number to another SIM card. They may also send a fake Microsoft login page asking for your code. If you write it down, the scammer can use it immediately. That’s why Microsoft wants users to go to passkeys. Microsoft did not list the expiration date for all personal accounts. However, it says users who still rely on SMS will be directed to add a verified email and set up a passkey.

HOW A SIM SWITCH CAME INTO A CYBER SCAMMER’S $1.8M CASH

What Microsoft passkey does

A passkey allows you to log in without typing a regular password. Instead, you use something that is already bundled on your device. That could be your face, fingerprint, device PIN or physical authentication key.

Here is an important difference. The passkey uses cryptography behind the scenes. One part stays with Microsoft. The secret part lives on your device or inside your password manager. A scammer can’t just trick you into reading a phone passcode.

That makes passkeys more difficult to steal than SMS codes. They can also feel lighter once you’ve set them up. You can sign in with your fingerprint or face instead of waiting for a text that may never arrive.

MICROSOFT CROSSED THE PRIVACY LINE FOR A FEW EXPECTATIONS

Why Microsoft passkeys may feel confusing at first

Security updates can be annoying. Standard SMS codes. Most people know how to work. Even though they are tricksters, they feel easy. The pass keys can feel confusing at first. You may be wondering where the passkey resides. You may also wonder what happens if you lose your phone or need one for every device.

That confusion is true. It can get worse if you’re setting up a new Windows PC, using a shared computer or changing devices frequently. The good news is that Microsoft says that a verified email will always be part of the account acquisition process. So you should make sure that your backup email address is up to date before you enter the lockout.

How to set up or add a passkey to your Microsoft account

Before you begin, use a device you trust. Also, make sure your browser and app are updated.

• Go to Microsoft account security page of account.microsoft.com/security again Sign in.
• Underneath Account Securitychoose Manage how I sign in.
• Underneath Ways to prove your identitylook for Use the pass key.
• If you already see the passkey listed, like Apple iCloud Keychainyour account already has one set up.
• To add another passkey or login method, select it Add another way to sign in to your account.
• Select Use the pass key or Face, fingerprint, PIN or authentication keydepending on the words you see.
• follow the information on your device.
• Choose where you are i want to keep the passkey, like Apple iCloud Keychain, password manager, your phone, computer or portable authentication key.
• Finish the setup process again make sure the password is valid.

Note: Microsoft’s support pages may say so Advanced Security Options, or Add a new login or authentication method. However, in the current Microsoft account dashboard, many users may see Manage how I sign in then Add another way to sign in to your account in turn.

AMERICA’S MOST USED PASSWORD IN 2025 IS OUT

The tech giant says text message verification is vulnerable to phishing attacks, SIM swapping scams and account takeovers. (Joe Raedle/Getty Images)

Microsoft account security measures you should take now

Don’t rush this change. A few minutes of cleaning can save you a big headache later.

1) Add a backup email you still use

Your recovery email should be an account you can access today. If it points to an old work email or forgotten inbox, update it.

2) Delete old phone numbers

Check if your Microsoft account is still registering the old number. If it does, delete it or replace it with your current number.

3) Open Microsoft Authenticator

Microsoft Authenticator it can provide another secure way to verify your identity. It can also help if you have a problem with SMS or email.

4) Save recovery codes safely

If Microsoft provides backup codes, keep them in a secure location. Don’t save them in a blank note called “Microsoft password.”

5) Use a strong password manager

Even if you’re moving to passkeys, a password manager still helps. It can store strong passwords, flag reuse and help you avoid fake login pages. Check out the best password managers reviewed in 2026 at CyberGuy.com.

IF SOMEONE ACCESSES YOUR EMAIL, THEY OWN EVERY ACCOUNT YOU HAVE. THESE 3 YEARS COVER WITHOUT GOOD

Passkeys allow Microsoft users to sign in with a fingerprint, face scan, device PIN or security key instead of waiting for a text code. (Jaap Arriens/NurPhoto via Getty Images)

Kurt’s priority is taking

Microsoft’s move away from SMS codes may sound innocuous at first. However, the old text coding system has many weak points. The pass key will not make you invincible. No security tool can promise that. However, it can make account theft more difficult for fraudsters who rely on fake login pages, hacked codes and SIM swapping tricks. If your Microsoft account holds years of email, family photos or work files, this change needs your attention. Set a password, verify your backup email and remove old access options.

Can you trust a text message to protect your most important account, or is that comfort a risk? Let us know by writing to us at CyberGuy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS PROGRAM

Sign up for my FREE CyberGuy report

• Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by the millions who watch CyberGuy on TV every day.
• Plus, you’ll get instant access to my Free Scam Survival Guide when you join.

Copyright 2026 CyberGuy.com. All rights reserved.