Social Security and/or Other Online Federal Government Accounts Again Requiring Mandatory Security Code Verification in Addition to User Name and Password

MAY 2017 UPDATE

This time they are making an email option available along with the previously aborted text messaging option. This should indeed keep the poor people (of which I am one) from being shut out of their accounts. It is nice to see that Social Security is finally catching up with reality. Here's the informational email they are sending out:

*Start*
Social Security continues to evaluate and improve how we protect what’s important to you. We take this responsibility seriously, and we have a robust cybersecurity program in place to help protect the personal information you entrust to us. Adding additional security measures to safeguard your personal information — but making our services easy to use — is a vital part of keeping you safe and secure.

On June 10, 2017, we will add a second method to check your identification when you sign in to my Social Security. This is in addition to the first layer of security, your username and password. Right now, you don’t have to do anything for this new process. But you may want to sign in to your account to make sure you remember your username and password. Then, when you sign in on or after June 10, you will be able to choose either your cell phone or your email address as your second identification method. Using two ways to identify you when you log on will help better protect your account from unauthorized use and potential identity fraud.

Since my Social Security became available in May 2012, more than 30 million people have created an account. We have always offered a second layer of protection, but only for customers who opted to use it.

Last summer, we added a second way for us to check your identity when you registered or signed in to my Social Security. However, at that time, we only allowed the use of a cell phone as your second identification method. We listened to your concerns, and beginning on June 10, you can choose either your cell phone or your email address as the second way for us to identify you. Since an email address is already required to use my Social Security, everyone can continue to benefit from the features my Social Security provides.

Each time you sign in to your account, you will complete two steps:
  • Step 1: Enter your username and password.
  • Step 2: Enter the security code we send you by text message or email, depending on your choice (your cell phone provider's text message and data rates may apply).
If you do not have a text-enabled cell phone, or you do not wish to provide your cell phone number, you will need to choose your email address as a contact method so we can send you a one-time security code to access your my Social Security account. To ensure you receive the email with the one-time security code timely and it does not go into your spam or junk folder, you can add NO-REPLY@ssa.ov to your contact list. 

We’re committed to using the best technologies and standards available to protect our customers’ data. This new security advancement is just one of the ways we’re ensuring the safety of the resources entrusted to us.

In addition to these security enhancements, we are also upgrading the look and feel of my Social Security, in an effort to create an enhanced customer experience. The my Social Security portal will automatically change its size based on the size of the screen and kind of device you are using – such as a tablet, smart phone, or computer. No matter what type of device you choose, you will have full, easy-to-use access to your personal my Social Security account.

*End*

For Those Who Are Interested, Here's What Happened Before...


2016 UPDATE The text-messaging requirement has been rescinded. Here is Social Security's latest email:

*Start*

On July 30, 2016, we began requiring you to sign into your my Social Security account using a one-time code sent via text message. We implemented this new layer of security, known as “multifactor authentication,” in compliance with a Presidential executive order to improve the security of consumer financial transactions.  SSA implemented the improvements aggressively because we have a fundamental responsibility to protect the public’s personal information.

However, multifactor authentication inconvenienced or restricted access to some of our account holders. We’re listening to your concerns and are responding by temporarily rolling back this mandate.

As before July 30, you can now access your secure account using only your username and password. We highly recommend the extra security text message option, but it is not required. We’re developing an alternative authentication option, besides text messaging, that we’ll begin implementing within the next six months.

We strive to balance security and customer service options, and we want to ensure that our online services are both easy to use and secure. The my Social Security service has always featured a robust verification and authentication process, and it remains safe and secure.

We regret any inconvenience you may have experienced.

There is no requirement that you access your personal my Social Security account as a result of the steps we are taking.  However, when you do access your account, we encourage you to sign up for the extra security text message option.  You can access your account by visiting www.socialsecurity.gov/myaccount.

 *End*

Here is the original post that started it all:


Poor People Can No Longer Access Their Social Security Or Other Online Federal Government Accounts


I am one of the people who cannot afford the monthly, exorbitant cell phone fees. I just received this email from Social Security. Leastwise I can afford internet access (try landline DSL if possible, can save decent money); but for me and millions of others, I guess internet access to our federal government accounts is no more.

*Start*

Starting in August 2016, Social Security is adding a new step to protect your privacy as a my Social Security user.  This new requirement is the result of an executive order for federal agencies to provide more secure authentication for their online services. Any agency that provides online access to a customer’s personal information must use multifactor authentication.

When you sign in at ssa.gov/myaccount with your username and password, we will ask you to add your text-enabled cell phone number.  The purpose of providing your cell phone number is that, each time you log in to your account with your username and password, we will send you a one-time security code you must also enter to log in successfully to your account.

Each time you sign into your account, you will complete two steps:
  • Step 1:  Enter your username and password.
  • Step 2:  Enter the security code we text to your cell phone (cell phone provider's text message and data rates may apply).
The process of using a one-time security code in addition to a username and password is one form of “multifactor authentication,” which means we are using more than one method to make sure you are the actual owner of your account.

If you do not have a text-enabled cell phone or you do not wish to provide your cell phone number, you will not be able to access your my Social Security account.

If you are unable or choose not to use my Social Security, there are other ways you can contact us.  To learn more, please review the Frequently Asked Questions found here.

*End*

And that's the way it is...

1 comment:

  1. Sadly, I don't find this shocking.

    ReplyDelete