Skip to main content
EU Login Portal
SMS phase out banner

SMS authentication phase-out in EU Login – strengthen your digital security

In an ongoing effort to enhance digital security and protect user identities, the European Commission has announced the phase-out of SMS-based multifactor authentication (MFA) for EU Login. This transition is to be completed by mid-2025.

It is guided by the EU Login Steering Committee and the Information Technology Cybersecurity Board (ITCB) of the European Commission.

Enhancing security – why is the phase-out important?

While SMS-based authentication was once a common verification method, it has become increasingly vulnerable to cyber threats such as phishing, SIM swapping, and message interception. Given the heightened risk landscape, these vulnerabilities pose significant threats to user accounts. 

With EU institutions, bodies and agencies (EUIBAs) facing daily cyberattacks, securing access through stronger MFA methods is a crucial step in safeguarding user identities and institutional data. In addition, maintaining SMS authentication incurs high operational costs, making it a necessary decision to move toward alternatives that are also more secure and efficient.

Secure login alternatives

To ensure continued access to EU Login and its associated applications, users are encouraged to switch to one of the following secure authentication methods, depending on their preferences and specific requirements:

  • EU Login mobile app (recommended). A simple and secure option that offers biometric protection and offline QR code authentication;
  • Electronic ID (eID) cards. Authentication through national electronic ID solutions, e.g., itsme in Belgium; 
  • Security keysPhysical devices that connect to a computer via USB, Bluetooth or NFC;
  • Trusted Platform Module (TPM). A Computer chip available on many laptops and desktop computers for seamless authentication.

General publications28 February 2025
Find your EU Login Authentication Options

Users can still use SMS until mid-2025. There is still time to make the switch, and even after mid-2025, users will still be able to set up an alternative authentication method. However, please be aware that this could temporarily interrupt access to the Commission’s digital services.

Commitment to enhanced security

The European Commission is committed to strengthening cybersecurity measures across all digital services. The transition away from SMS authentication is a proactive step toward mitigating cyber risks and maintaining the highest security standards for EU digital platforms.

This initiative is guided by the EU Login Steering Committee and the Information Technology Cybersecurity Board (ITCB) of the European Commission.