Microsoft to end SMS two-factor authentication for personal accounts

Microsoft is pulling the plug on SMS-based two-factor authentication because it has become a leading source of fraud, replacing it with passkeys and verified email.
ZDNet

Microsoft won't send you SMS texts for login anymore - why it's pushing passkeys instead

Microsoft is phasing out SMS as an authentication method. SMS messages are unencrypted and vulnerable to hackers. Microsoft account owners will be prompted to set up a passkey instead. When trying to ...
Ars Technica

Millions of people imperiled through sign-in links sent by SMS

Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of people, leaving them vulnerable to scams, identity theft, and other crimes, ...