Jul 31, 2016

New Security Requirements

     From Social Security:
The Social Security Administration (SSA) has added an extra layer of security for our customers when they interact with us online using the my Social Security suite of services. my Social Security account holders are required to use their cell phone, in addition to their username and password, as an additional authentication factor during online registration and every sign in. 
We implemented multifactor authentication (MFA) to comply with Executive Order 13681, which requires federal agencies to provide more secure authentication for their online services. We are committed to using the best technologies and standards available to protect our customers’ data. MFA is just one of the ways we ensure the safety and security of the resources entrusted to us. Since we launched my Social Security in May 2012, we have provided this added security of MFA as an option to our customers.
Now, all new and current my Social Security account holders will need to provide a cell phone number able to receive text messages. People will not be able to access their personal my Social Security account if they do not have a cell phone or do not wish to provide the cell phone number. We expect to provide additional options in the future, dependent upon requirements of national guidelines currently being revised.
     Don't anybody tell Social Security that it's possible to get text messages without a cell phone. 

9 comments:

Anonymous said...

Here, for a bit more detail and less hype -

https://www.engadget.com/2016/07/29/sms-two-factor-authentication-isn-t-being-banned/

Anonymous said...

Speaking of two-factor authentication, all day today the AR site has failed to send me my text message code when I try to access a claimant's file. So glad I'll have a completely up-to-date exhibit file for my Monday hearings!

Anonymous said...

Also not able to have social security send me a text message. Poor website administration. Obviously they are having problems with the system but do not bother to tell anyone. Wait time is 1.5 hours for a phone call.

Anonymous said...

When I saw this I shook my head. Required to have a cell phone and text to get to their account. I know that most people have phones/know how to text. But the people least likely to have this technology -- the elderly and disabled -- are expected to use it to access their accounts! For example, my mom is 83. She uses email and can access the internet. She has not mastered texting. Guess I will try again to teach her... or put my cell on her account so that we can access it.

Anonymous said...

When I read about this I immediately sent a comment to my congresswoman. My go-phone charges me to receive text messages. I fail to understand why a secure access code can't be sent to an email account. Today the social security phone wait was 45min.

Anonymous said...

Yeah, I think most entities that I deal with that use multifactor authentication allow the use of e-mail rather than a cell phone. This includes TreasuryDirect, which you can use to buy and sell Treasuries. If it's good enough for the Treasury Department, I don't see why SSA can't use e-mail.

Anonymous said...

I work at a law firm that represents SSD claimants & came here when I retired after 32 yrs with the SSA.
For all of the yrs that I was with the agency my co-workers & I prided ourselves on providing world-class service. World-class service no longer seems to be a priority with the SSA.
What is the point of making access inconvenient & even difficult for some people?

Anonymous said...

It is a pain in the butt I know that. I would have preferred a longer password field apposed to a 2nd factor device. While the blog is correct, you don't need a physical phone to receive texts you still need to authenticate yourself on whatever medium you choose to receive text messages on thus making it a 2nd factor device. None the less I still think a lengthier password field would be better. 2nd factor seems to be the norm now a days though with banks and even social media drifting towards it.

EdMeyer said...

...If you have no cell phone...you can no longer log on.... They require a cell phone to log onto their site, but cannot allow an ID to be required to vote...... Logical? The ONLY reason that they require a cell phone, is so that they can track Social Security recipients.... Period.