Microsoft to Retire SMS MFA as Google Expands Passkeys

Microsoft and Google are pushing phishing-resistant workplace authentication as cyberattacks targeting digital identity intensify. Google Passkeys: On July 13, Google Credential Provider for Windows (GCPW) updated to support FIDO2-compliant physical security keys. These keys act as a second factor at the Windows login screen and can be paired with nearby Bluetooth-connected mobile devices. Google Workspace administrators can enforce 2-Step Verification (2SV) via the Google Admin console, with users prompted to complete enrollment (Google Prompt, authenticator app, security key, or phone number). Microsoft Entra ID Passkeys: Starting September 1, Microsoft will make passkeys the default authentication experience in the public cloud version of Microsoft Entra ID. Users currently using default SMS or voice authentication will be migrated automatically to passkey registration at their next multifactor authentication prompt. By February 1, 2027, Microsoft-provided telecom delivery for SMS and voice will be retired; customers needing alternatives can use telecom partners through the Microsoft Security Store and bear telecom costs. Microsoft recommends moving users to passkeys or another phishing-resistant method as soon as possible. Why it matters: Passkeys are passwordless cryptographic credentials tied to specific users and devices, helping reduce phishing and account takeovers compared with SMS/voice codes and traditional MFA.
Neutral
This is an enterprise cybersecurity/identity update (passkeys replacing SMS/voice MFA). It is not directly tied to crypto protocol changes, token emissions, or exchange operations. In the short term, it may have limited sentiment impact on crypto by reinforcing the broader “security hardening” narrative around digital identity. In the long term, stronger authentication standards (passkeys) can reduce account-takeover risk for wallets, exchanges, and custodians, which is generally supportive for ecosystem safety—but it remains indirect and gradual. Similar past security-industry shifts (e.g., broader MFA adoption after major breach waves) typically affected headlines more than prices, so the expected market impact is neutral.