Passwords Abandoned, Many Move to Their Replacements

Passwords Have Been Abandoned, and Many Are Moving to Their Replacements

Jakarta, CNBC Indonesia - Microsoft is moving away from the traditional method of using passwords to access accounts. The company announced it will no longer conduct authentication via SMS and will soon retire that feature.

Microsoft explained that the removal of the feature is because SMS-based authentication is often a source of fraud, citing Tech Radar, Thursday 21 May 2026.

There was no timetable given for when the phased removal would be completed. However, Microsoft emphasised that there will be passwordless authentication that is secure and user-friendly. Previously, Google had also introduced passkeys that do not require passwords to access accounts.

“Moving to passwordless accounts, passkeys, and verified email, we help you stay one step ahead of evolving threats while making access to accounts simpler and smoother,” Microsoft said in the announcement.

Typing something, as with password or OTP, is prone to be forgotten or stolen. Passkeys work differently from that method, using cryptographic keys stored on the device and the service.

The device will prove it has the correct key when the user signs in. This is done via fingerprint, facial recognition, or a PIN.

Passkeys are considered more secure because the secret key never leaves the device. They are believed to be free from phishing or data leaks.

Many regard passkeys as the superior solution to replace passwords. Yet not everyone agrees with that view.

A 2025 SquareX study found a vulnerability in the system. When there is a biometric prompt, the system treats it as a security signal.

“Unknown is that attackers can easily forge passkey registration and authentication by intercepting the passkey workflow in the browser,” said SquareX researcher Shourya Pratap Singh.

“Nearly all enterprise and consumer applications, including banking apps and other important data storage, are at risk,” he added.