For years, entering a six-digit code sent to your phone has been the global standard for online identity verification. But that era is coming to an end in Windows.
Microsoft has confirmed it will stop sending SMS codes to personal accounts, effectively phasing out text messages as a means of two-factor authentication and account recovery.
The company explained in its support documents that this change is part of its commitment to enhancing security standards. SMS codes will be replaced with password-free alternatives such as passkeys, authenticator apps, and verified backup email addresses.
Microsoft's decision to abandon SMS authentication stems from the fact that text messages are no longer a secure way to protect digital identity. Text messages travel as plain text over communication networks, making them vulnerable to interception. Furthermore, SIM-swapping attacks have become common, allowing hackers to transfer your phone number to a device they control and easily obtain the authentication codes sent to it.
Microsoft believes that the future of security relies on password-free technologies. Therefore, the company is adopting passkeys, a modern security standard resistant to phishing attacks.