
Microsoft is removing SMS codes for signing into personal Microsoft accounts, including Xbox accounts

Lunatic_Gamer

Soon, you won't be able to use SMS for login verification or account recovery. Microsoft says the change is for security reasons, as text-message codes are vulnerable to phishing, SIM swaps, and other attacks.

Switch to more secure sign-in methods now, such as:
>Passkeys
>The Microsoft Authenticator app
>A verified backup email address

Microsoft views SMS as a leading source of account compromise and is shifting toward more secure, passwordless options.

 
For once, MS is correct. This is a good measure.
Also consider it's not necessary to use the MS Authenticator app. I'm using Proton. But it's possible to use any other.
 
FUCK. I just got out of a crazy ass two year loop and added my phone by chance this is bullshit

Authenticator kicked my email account cause some asshole (or crazy EX) kept trying to login 1000x times so I was in limbo for like 24 months

eh I'll figure something out at least they didn't pull a steam/psn they both deleted my old accounts for no fucking reason
 
This may be something different but it bothers me that when you login to xbox.com typing your password (manually or from the browser's password storage) isn't the default method. I could understand that when trying to recover the account, but why make it harder for a simple login, especially when it's the same PC and browser and nothing's changed on my end.
 
>The Microsoft Authenticator app
This is so bullshit. Why can't you use any authenticator app we want like 2FAS? Sony allows use of 3rd party authenticator apps. Microsoft Authenticator is worse than Google Authenticator, once you connect any account with Microsoft you can't transfer it to anywhere else, it's forever locked in.
 
I had to relink my Microsoft account to my PSN account again yesterday so I could play Sea of Thieves. Not sure why it keeps unlinking but that's probably the 4th time I've had to do it since the game launched on PS5. The only way I could verify my account was with SMS code as email wouldn't come through. I would have been stuffed without it.
 
This is so bullshit. Why can't you use any authenticator app we want like 2FAS? Sony allows use of 3rd party authenticator apps. Microsoft Authenticator is worse than Google Authenticator, once you connect any account with Microsoft you can't transfer it to anywhere else, it's forever locked in.

You can.
For example, I'm using the Proton Authenticator app for my Microsoft account, and Google, Amazon, etc.
 
Their stupid fucking system doesn't recognize my password 8 times out of 10 so the SMS is the second fastest way to login, how am I supposed to log in now?

Fix your stupid password recognition pattern you fucks.
 
Add an email to the account to send codes to
I have that one but Gmail always has problems and half the time the code doesn't arrive, or arrives after hours.

I should not be forced to do all of this shit because their system doesn't recognize my password, they need to fix this shit, not giving me a band-aid ..
 
I have that one but Gmail always has problems and half the time the code doesn't arrive, or arrives after hours.
strange.
The way I have it set up is, because my main ms account cannot receive emails, I have another ms account basically for spam, this is what I use to send the codes to, but I have a message rule set up so it will forward anything from ms security to my gmail, so it always arrives instantly.
I recently had to get into that email via different means and they wanted a second email for it as well, so I added my gmail temporarily and the code arrived instantly as well 🤔
 
This is so bullshit. Why can't you use any authenticator app we want like 2FAS? Sony allows use of 3rd party authenticator apps. Microsoft Authenticator is worse than Google Authenticator, once you connect any account with Microsoft you can't transfer it to anywhere else, it's forever locked in.

That's not true, the protocol is universal, you can use whichever you want. I myself have two 2FA apps (Microsoft Authenticator and Aegis Authenticator) for the same account in some cases.
 
That's not true, the protocol is universal, you can use whichever you want. I myself have two 2FA apps (Microsoft Authenticator and Aegis Authenticator) for the same account in some cases.
Yeah but Microsoft really does not provide the QR codes or any other way to transfer to other apps. You can transfer from Aegis to Microsoft Authenticator, hence you have both, but you can't do the reverse. Even Google allows you to transfer to other apps.
 
This is one of the rare moves I'm fully behind MS on. Weak methods of security need to be phased out entirely and replaced with competent security standards (especially with banks, cell phone services, and other sensitive account types).
 
This is so bullshit. Why can't you use any authenticator app we want like 2FAS? Sony allows use of 3rd party authenticator apps. Microsoft Authenticator is worse than Google Authenticator, once you connect any account with Microsoft you can't transfer it to anywhere else, it's forever locked in.
Like others already said, you can use other 2FA apps. I use Authy for a few (can't export so stuck there) and Aegis Authenticator for the rest.
 
Yeah but Microsoft really does not provide the QR codes or any other way to transfer to other apps. You can transfer from Aegis to Microsoft Authenticator, hence you have both, but you can't do the reverse. Even Google allows you to transfer to other apps.
You never "transfer" MFA soft tokens across devices as they're cryptographically locked to the device itself.

You can, however, simply set up multiple soft tokens across multiple devices to independently authenticate to the same account by any one of them.

If you're locked out of your account because you've lost your device, you can contact their customer services team, get them to temporarily disable MFA or use an alt verified email to get access and then set up a new MFA device as needed.
 
Yeah but Microsoft really does not provide the QR codes or any other way to transfer to other apps. You can transfer from Aegis to Microsoft Authenticator, hence you have both, but you can't do the reverse. Even Google allows you to transfer to other apps.

Now I understand exactly what you meant, it was about transferring accounts between apps. Microsoft Authenticator doesn't actually have that feature. But I don't think it's a big problem, just go to your original account and add another 2FA. It's something you'll only do a few times.
 
For once, MS is correct. This is a good measure.
Also consider it's not necessary to use the MS Authenticator app. I'm using Proton. But it's possible to use any other.
Does Proton work with Playstation? Also, does it have like an account attached to it? I worry that I have this on my phone, but if I lose my phone how do I recover this access to the authenticator?
 
If you're locked out of your account because you've lost your device, you can contact their customer services team, get them to temporarily disable MFA or use an alt verified email to get access and then set up a new MFA device as needed.

When my cell phone was stolen, I was using SMS as 2FA, so I was "locked out" from my accounts. I easily managed to recover my Microsoft, Steam, and Gmail accounts. However, the PSN, oh my God, was a nightmare. They wanted me to send the serial number of the console I last logged into (I had already sold the PS4), the card used, and the details of my last purchase. I told them I didn't have that information, I even sent the purchase details I found in an email, but they still refused to reset my 2FA. The next day, I tried again and I had been blocked from accessing support for a few days! WTF!

Some time later I tried again and was assisted by another attendant who reset my 2FA in less than 2 minutes. And he only asked me to confirm some basic information.
 
You never "transfer" MFA soft tokens across devices as they're cryptographically locked to the device itself.

You can, however, simply set up multiple soft tokens across multiple devices to independently authenticate to the same account by any one of them.

If you're locked out of your account because you've lost your device, you can contact their customer services team, get them to temporarily disable MFA or use an alt verified email to get access and then set up a new MFA device as needed.
No. With 2FAS you can do this, there is a way to "Export" your tokens.

And I believe you can do this with Aegis as well.

I was more talking about transferring from Microsoft Authenticator to another Authenticator app


You can do this with 2FAS, Aegis and Google Authenticator. But you can't export from Microsoft Authenticator. You are forever locked in to that app.
 
yeah that authenticator app sure is handy when your phone breaks and there is no easy way to switch it to a new phone without a huge hassle.
 
yeah that authenticator app sure is handy when your phone breaks and there is no easy way to switch it to a new phone without a huge hassle.

I know that the Proton Authenticator has an option to sync between devices. So it's very simple to change phones.
Other authenticator apps probably also have similar features.
 
I have that one but Gmail always has problems and half the time the code doesn't arrive, or arrives after hours.

I should not be forced to do all of this shit because their system doesn't recognize my password, they need to fix this shit, not giving me a band-aid ..
I think it may be an issue on Microsoft's side, maybe their infrastructure for notifications is shit or there are some obstacles along the way. When I'm buying or redeeming Xbox games I often get an e-mail confirmation hours later. There are no problems when it's a purchase from the PS Store or a site like Instant Gaming / Kinguin - they arrive almost instantly.
 
For me this sucks, because I often simply don't get the push notification for the MS authenticator or it says an error occurred and then SMS is the quick alternative

I gotta do this like 8 times a day
 
For me this sucks, because I often simply don't get the push notification for the MS authenticator or it says an error occurred and then SMS is the quick alternative

I gotta do this like 8 times a day

Looks like you are using a passkey. Not an Authenticator.
 
Looks like you are using a passkey. Not an Authenticator.
Nah man, it sends a push notification to my phone app and then I gotta type in the two digits displayed on my PC. If it doesn't send the push notification, I gotta use SMS or something else
 