microsoft outlook security info renewal


Hi. When logging into my microsoft outlook e-mail account I got a message saying that microsoft was about to ditch verification by phone. Was the phone verification system getting too costly to operate for microsoft, a company that has billions of dollars?

What do you guys recommend so that I don't get locked out of my e-mail address? The only choice microsoft is giving me is adding an alternate e-mail address, so adding another layer of trouble. The provider of that alternate e-mail address could also decide to lock me out, or they could go down, anything could happen really.

Do we know why microsoft is ditching verification by telephone?


Staff member
Ask Microsoft. Signup for a gmail account and use that for security. Gmail won't be going anywhere.


Staff member
It's for security reasons. SMS and SIM hacking are becoming common. They're less secure methods of 2FA over something like a 2FA app or token.
Pretty much this. If you can compromise SMS at the carrier level and use account recovery leveraging text/call then you can compromise the account. If you can migrate 2FA to an authenticator app like Duo or similar then you remove or modify that attack vector.


Interesting. The message I got only talked about phone call verification. It even said something like "S-M-S verification isn't going away, change your phone number to one to which we can send text messages", which I don't have.

They barely even talk about phone call verification in the articles, and strangest of all they say that SMS 2FA actually strengthens account security by a lot. Is this nothing more than "preventive medicine" garbage from the security fetishist weirdos at microsoft?
Don't they also say that most compromised accounts are business accounts? Why should it be my problem or anyone's else problem? It's their job to find a more secure alternative, regular users of the service have nothing to do with it.

Have a look at Alex Weinert's twitter account, he seems like a really shady person. I have a feeling that the security fetishists that are rampant in these rotten tech companies are a bigger threat to the integrity of our accounts than an actual real hacker.

I have a Gmail account and when I tried logging into it they said that they didn't recognize my computer and they didn't have enough information about me to let me in. So I guess that account is bricked unless I get in contact with them somehow. So according to microsoft, using an unreliable third-party for verification is better and more secure than 2FA phone calls, which they themselves said in the articles was really secure?