Many people have chosen SMS or phone calls as a method for confirming their identity when required by our multi-factor authentication (MFA) systems. However, these methods have their flaws.
1) They rely on a phone signal, which can be difficult to get at times. We have had reports of mast problems in people's local areas, long-term "not-spots" (including the St. Asaph office on certain networks), and people not being able to receive calls or codes after changing a number or because of other general account issues.
2) They are not secure methods. They aren't encrypted, can be vulnerable to SMS-phishing attacks (known as SMiShing), and there are even instances where attackers have duped phone companies into sending a new SIM for the target's phone number directly to them, bypassing MFA. This is a common method for hacking into celebrities' social media accounts, as the answers to many of their Data Protection questions, such as Date of Birth, are already in the public domain, but it is possible with many people, as they willingly post this information on social media.
The recommended method is to use an Authenticator app on a phone that is regularly used, even if this is your personal phone.
To change your settings:
1) Go to https://mysignins.microsoft.com/security-info and choose Add method.
2) Choose Authenticator app.
3) You will be prompted to download the app. The safest way to do this is to follow the Download Now option on screen and use the QR code on the screen with your phone so you are directed to the official Microsoft Authenticator app. Once it is downloaded, click Next on screen.
4) You will be prompted to scan another QR code in the Authenticator app so the two systems can be linked. Do this when prompted.
5) You will then need to test the system to prove that you can sign in.
6) Once this is complete, it is recommended that you delete the phone number so this is not left as a "back door" for others to attempt access.