Frauds & Scams

New Online Security

August 3, 2016 • By

Reading Time: 2 Minutes

Last Updated: November 3, 2023

MFAWe’ve added an extra layer of security for our customers when they interact with us online. Now, my Social Security account holders are required to use their cell phone — in addition to their username and password — as another authentication factor during online registration and every sign in. An authentication factor is information used to determine if someone is who they claim to be.

This extra layer of security is called “multifactor authentication” and complies with an executive order requiring federal agencies to provide more secure authentication for their online services. Any agency that provides online access to a customer’s personal information must now use multifactor authentication.

Since my Social Security became available in May 2012, almost 26 million people have created an account. We have always offered multifactor authentication, but only for customers who opted for extra security. For your protection, we now require multifactor authentication for all my Social Security users. To register and sign in, you must now enter a security code that we will send to your cell phone. Your cell phone provider’s text message and data rates may apply.

Our research shows that an overwhelming majority of American adults have cell phones and use them for texting. Because of technical and resource constraints, we are not currently able to offer alternative methods of satisfying this security requirement. However, we may consider adding more options in the future. We appreciate your patience as we work continuously to secure your online information.

We’re committed to using the best technologies and standards available to protect our customers’ data. Multifactor authentication is just one of the ways we’re ensuring the safety and security of the resources entrusted to us. Visit my Social Security to learn more about this helpful suite of online services, including additional details about our latest security measures.

Did you find this Information helpful?

Yes
No
Thanks for your feedback!

Tags: ,

See Comments

About the Author

Jim Borland, Assistant Deputy Commissioner, Communications

Jim Borland, Assistant Deputy Commissioner, Communications

Comments

  1. Michael M.

    I do not have a cell phone. However, you can send a text message to my email address. Just enter my email address in place of a phone number. The text message will be sent to my email.

    • Judith

      Really? I didn’t know that.

      • Mike

        Yes. I have been receiving text messages in my email from friends & family for about a year. I can reply to their text from my email, & it will be converted to a text on their phone.

        • Melissa

          How does that work? How did you start doing it? Is there something that has to be downloaded for it to happen?

  2. Gail L.

    Does providing my cell phone number also authorize people to use my cell phone to contact me to sell me goods or services? My cell phone is on the National “Do Not Call” registry but I’m still getting “junk” calls.

    • BB

      same here, I still get junk calls too!

      • Melissa

        Me too … on the Do Not Call Registry and I get SPAM calls every day. Literally every day.

  3. Joe A.

    I Do Not Have A Cell Phone ! I would Like To See You Add Home Phone To Social Security ! Thanks Joe

  4. Teresa

    I have NO CELL PHONE and can’t afford the extra expense of getting one, so I guess I’m locked out.

  5. T.G.

    So at this point the ‘my Social Security’ website is not available to anyone who doesn’t have a cell phone?? While extra security is laudable, and yes the majority of adults do have a cell phone these days, but I & some others I know currently do not own a cell phone & do not have a need for one at present. I have consistently accessed my account at ‘my Social Security’ but now I guess I won’t be able to. My advice: please don’t assume everyone has a cell phone & offer another means of authentication to those who do not. Your article mentions: “Because of technical and resource constraints, we are not currently able to offer alternative methods of satisfying this security requirement. However, we may consider adding more options in the future. We appreciate your patience as we work continuously to secure your online information.” Your immediate attention to this area would be appreciated by those of us who would like to use the website, but do not currently own a cell phone. Thanks.

  6. Judith B.

    I live outside the US. I am unable to receive a text message unless you can dial my cell phone preceded by the International Code. Unless you can dial 011-52 before my 10-digit cell phone number I can’t see my account on-line. Am I right? This is a major inconvenience.

    • Alfonso P.

      Same happen to me I live outside the US and I am unable to receive a text message unless sender dials my cell phone preceded by the International Code. Unless sender dials 011-57 before my 10-digit cell phone number I can’t receive a text message from US.

      • Ray F.

        If your cell phone can receive texts, you will still be able to access your account but keep in mind that your cell phone provider’s text message and data rates may apply. If you are overseas and cannot receive text messages or are concerned about roaming charges, you will not be able to access your account. Our webpage Services Around the World provides important information for our customers residing overseas. Please contact the nearest U.S. embassy or consulate for assistance related to Social Security benefits.

        • Judy

          I’m not giving out my number. I don’t trust the government enough for that. They’re to intrusive as it is. I just won’t use “mysocialsecurity” again.

    • Ray F.

      Thank you for your comment Judith. If your cell phone can receive texts, you will still be able to access your account but keep in mind that your cell phone provider’s text message and data rates may apply. If you are overseas and cannot receive text messages or are concerned about roaming charges, you will not be able to access your account. Our webpage Services Around the World provides important information for our customers residing overseas. Please contact the nearest U.S. embassy or consulate for assistance related to Social Security benefits.

  7. Donna

    I don’t want my cell phone number published with the govt. Don’t they still phone numbers? I don’t want my phone number sold for marketing purposes.

    • CIndy

      I agree I will not release my cellphone number to Facebook either. I am not having my number shared. Next thing the website get hacked, and now the hacker has more personal information besides my date of birth, social #, address, and then my private unlisted phone number too. NO way. You need to make it work so the security number you send can be emailed instead of texting.

    • bettyg

      Bruce and Donna,

      I completely agree with you both!! SAME HERE!

      DON’T punish all those who can NOT AFFORD CELL PHONE!!

      they can’t get by as is!

      bettyg, iowa

      • Rahel S.

        I DO NOT have a cell phone ! I am Deaf, and have a hard enough time as it is trying to use a CAPTIONED phone. I join Betty G, Donna, and Bruce in protesting this new policy. WHO CAN afford another phone just to contact your SS office?? Either use land lines or email….

        • Rahel S.

          You just gave me ANOTHER reason for NOT using a cellphone to contact you…WHERE DID YOU GET THAT PHOTOGRAPH?? No, I know where you got it. It is new and I haven’t even PUBLISHED anything yet…I should trust you with a cell phone #?? Get real!!

          • AYISSI J.

            Yes that you phone is good l need in seller give on to AYISSI JOACHIM RUE MARCHE CENTRAL POBOX 17474 NEW-BELL DOUALA CAMEROON 17474

        • Ray F.

          Hi Rahel. We have special services to help people deaf or hard-of-hearing. Click here for more information.

      • Jeff C.

        Ditto to that!

    • Ray F.

      Hi Donna. We only use your cell phone information for access to your personal “my Social Security “ account. We will not use your cell phone number for marketing purposes.

      • CB

        Can you guarantee it will NEVER be hacked and if so you will incur the cost of the identify theft and hire someone to change our cell phones and update the new numbers?

      • ExITguy

        Is the cell phone number encrypted in your databases? Are these databases accessible offshore and thus outside US jurisdiction? Let’s face it, the government can’t even manage the “Do Not Call” list.

  8. Doug

    If I’m reading this correctly, this is a DUMB idea. How do those of us who don’t have a cell phone with texting capability access our account?

    • Jo

      I agree fully. I have a basic cell phone that is only used for emergencies. No way to receive a text message with a code to use. Please rethink this or add an alternative. Maybe a code sent to your email address?

      • Meherwan

        Or even by regular landline phone.

        • ExITguy

          Unfortunately, some state governments are making plans to make landlines obsolete.
          Google: “States move toward making endangered land lines extinct”

    • Sunnie S.

      I wholeheartedly agree

      • Bruce

        Long time “Mysocialsecurity” user… but no more. Yes I have a cellphone, but no texting. This new ‘security measure’ is too restrictive. It’s your responsibility to find a way for the rest of us to continue to use the system. Get to work!

        • renae r.

          I don’t own a cell phone. I don’t own one because I can’t AFFORD one. Is Social Security going to PAY for one for me? (Even if only one that only accepts texts from them?) I live outside the country. The MySocialSecurity site was the only way to keep up with what was going on with my account as mail from them was taking weeks to get to me. Now? I have to go thru an Embassy? Are you kidding me? Do they have any idea of how long it takes to get an appointment at a Consulate? Just when did the burden of administering this program fall on us? Social Security is fast becoming Social INSecurity.

          • Ray F.

            Our webpage Services Around the World provides important information for our customers residing overseas.

        • Ray F.

          Your comments are well taken Bruce and we assure you that we are continuously working to further improve the services we offer. We are limited to text messages for the initial multifactor authentication (MFA) implementation due to technical and resource constraints. We may consider adding additional options in the future. For more information about our MFA process, check out https://www.ssa.gov/myaccount/MoreInformationAboutMFA.html. Thanks!

          • Jim

            You should have developed other options BEFORE you made this change…any bank could tell you how to authenticate…..you just killed my ssa because I don’t have cell

          • Omar M.

            Here we go with the usual and customary bureaucratic BS!. If you are currently limited to the initial multifactor authentication procedure, you needed to wait till you got all your ducks in a row. But, based on the initial Obamacare srewups we all were exposed to, no surprises here, Mr. Fernandez. SSA is just following the same path all other government agencies have embarked upon: Throw the decreed crap against the wall and see what sticks!!

          • Katara Z.

            There are 5 possible solutions that folks with an internet connection can use for texting from computers to receive SSA texts in this article http://mashable.com/2014/06/16/text-from-laptop/#AFkf7YpXyEqG

          • ExITguy

            First, you just spent budget and resources on making your service user-hostile which is hardly an improvement.
            Second, the rest of your email is a waste of bandwidth. when it is clear from your words there is no forward planning. As for possibly having to go to a foreign US Embassy – so now you also want to put an aging population in harm’s way just because you can’t secure data from the inside? First, don’t outsource these systems – there are plenty of technologists in the USA, me included, who would jump at a change to do it right. PS: have someone make this text box bigger so I don’t have to scroll up and down so much! (Also a user-hostile design feature). If nothing else, re-code so this feature is only require if I want to change data, noy if I just want to view it.

          • Anonymous

            You are restricted based on resources and technical constraints to only SMS?

            Um… what about fuckin’ email? LOL.

    • Kathleen w.

      Agree with you.

    • Bob

      I don’t get cell service at my house. Guess I don’t need to know whats going on with my account.

    • BB

      Because of this stupid idea, you would have to mail your response at which time you want receive anything for 6 – 8 weeks. thats the government for ya!

    • anthony

      Agree! This is ridiculous! I do not have texting and refuse to use it. My cell phone is for emergency only. Please stop this madness and you expect us to pay for texting charges..
      .shame on you!

    • Ray F.

      If you do not have a cell phone, you will not be able to access your personal my Social Security account. Please visit our website at socialsecurity.gov/agency/contact/ to learn other ways to contact us. Also, see our Frequently Asked Questions web page for more information.

      • Nguyen

        I do not have a cell phone. However, you can send a text message to my email address. Just enter my email address in place of a phone number. The text message will be sent to my email. That is good idea….

      • ExITguy

        This should be public information: How much did this project cost?

      • ExITguy

        A simple question. With which entities such as AARP, AMA, FCC (who ought to know about cell phone signal coverage) and similar bodies who care about the elderly and disadvantaged, was this asinine concept discussed before implementation?

      • Marty

        Typical canned response from a government agency. This is what happens when government agencies AND other businesses are allowed to layoff older workers who would have told them, up front, how stupid and impractical they are being to implement such an ignorant plan.
        You want to send us to a SS office that cut back on staffing because of the availability of online services? Wait a whole day in an under staffed Government office? How “special”!

      • sdfgsdfgsdfg

        ILLEGAL DISCRIMINATION by a US government agency. Requiring someone to have a cellphone to access government services is ILLEGAL.

    • mikl

      SSA says no, you can not access and gives no other option. Sorry.

  9. Emmanue B.

    Hi,
    l hope you are fine. l am Deaf Emmanuel Kofi Botwe form Ghana and move to Stockton. l want to job. Please l need a social security .
    l say thank you

    • John O.

      Take your SPAM somewhere else.

  10. Nelson C.

    Evidently you’re committed to making it impossible to use My Social Security.
    Extra burdens do NOT make things more secure.
    Thanks for nothing.

    • Bob

      Extra burdens do not make extra security …. ? But our government is not concerned about the 5 million who don’t have texting phones, it’s the other 21 million tax payers that are being considered.

      • human b.

        This must be for new accounts because I can sign into mine without a cell phone unless I signed in with a cell phone initially. I don’t like using a phone because someone can maybe track your phone number with you. They use that code number for a lot of things even signing into an email account from a different location and I don’t like how you can’t block your email letters from being forwarded. You may be able to from your own computer or someone with that added feature. It’s confusing and a little hard to find out exactly how it is done. People should be a little more paranoid. Life is not to be lived finding angles and mine has been that way since a small age. humancrime@Hotmail.com.

    • Randy

      I don’t know what the fuss is all about. The government can’t protect their own data from hackers or other governments more or less ours. This is nothing but a case of the government letting us know who is in charge.

    • Terri

      There were other ways to offer security. SSA deals with many adults, most with no cells. Why didn’t you make it something else re: DOB, where they were born,etc., you really make things hard for the elderly.

      • BB

        Very true.

        • Nancy K.

          How true… Some people don’t have cell service where they live. This is not the way to go about it. Send the code to email, if you must use a code. Or, require something only the person would know. Some of us don’t have the ability to text. So what are we supposed to do?

          • Joyce G.

            I do not have a cell phone. What do I do?

          • Ray F.

            We encourage our customers who will not be able to access their personal my Social Security account without a cell phone to visit our website at http://www.socialsecurity.gov/agency/contact to learn about other ways to contact us to access their benefits information.

        • CB

          It’s the tip of the iceberg. They can now track you with the GPS built into the phone at any time.

      • sue

        SO TRUE!

      • thewamp

        I really appreciate all of the comments that are being shown that hopefully are telling our government what they should have already known before requiring everyone to be able to receive a text message in order to access our Social Security account via our computers. I am wondering if this requirement is also needed to access our Medicare information.

    • Elizabeth Z.

      My IRS account was hacked 2 years ago it made it difficult for me to buy a new house so what will it do to me when my Social Security account is hacked the government can’t keep us safe from hackers anymore so leave my cell phone alone it is for me to use not the government

      • BB

        right

    • anthony m.

      no cell phone no access to social security. How can you be so stupid, or is it a way to get rid of old folks. It really sounds stupid enough to bwe a conspiracy; I truly expect there is something I do not know, blah blah blah but if this is real, wtf!?!

    • Clark R.

      I must have a cell phone? Are you kidding? Gee, which cell phone manufacturers are you endorsing? Which ones are favored by the SSA?

      • Bob

        I setup an account on http://pinger.com/ – Textfree web.

        This lets you get text messages on your pc. You then get the number needed to enter to get into mysocialsecurity.

      • human b.

        my free phone and others have all been interfered with. Landline have been interfered with ever since I can remember. And, these are people that will say they’ve been involved with my mental health and who I live with and all of that! They kept me poor so I don’t have a chance to run and they tell authorities they were only handing out anti psychotic drugs to me and nothing illegal? That’s not true. They had illegal drugs in the home I stayed in with them.

    • CER

      Two factor authentication is not a bad idea, but having only one means of receiving the second factor is a very bad idea. Every other institution I deal with gives you a choice of 1) text message, 2) voice message on land line or cell phone without texting capability, or 3) email. This is sensible and doesn’t leave out a large number of citizens who don’t have or want to use the texting feature. Additionally, if something happens to your cell phone you may have to wait weeks to get a reset number from SSA by mail. Cell phone are much more likely to be lost or stolen than are landlines or email accounts, so this SSA decision to limit to texts will create a lot more grief in the future than if they had chosen to offer the usual options listed above. I’ll write my congressman to oppose this if you will!

    • Taxspeaker

      In this era of identity theft my wife and I blocked our credit a few years ago. Little did we know that we would never be able to use mysocialsecurity again.

      Any common sense here? In trying to provide for our own online security the government wants me to take unacceptable chances. Thank you also for nothing.

    • ExITguy

      “Our research shows that an overwhelming majority of American adults have cell phones and use them for texting. Because of technical and resource constraints, we are not currently able to offer alternative methods of satisfying this security requirement. However, we may consider adding more options in the future. We appreciate your patience as we work continuously to secure your online information.”
      What about people who pay for every text sent or received? What about people who don’t have or want a data plan? What about people with disabilities, arthritis, vision impairment? This is so typical of government I.T. incompetence. My California healthcare exchange displayed dates in European format for several months. I have financial accounts in three countries – not one REQUIRES a mobile phone. If I want to move or withdraw money, a couple have this one-time code but offer a choice of text, voice or email to get it. Odd how they have “resources” (i.e. money) to do it wrong but nothing left to do it right. What are the chances the website will time out which I wait for the code to arrive and then type it in. If I make a typo does the whole process start over? Incompetence at all level – but since there’s no accountability, who cares – the taxpayer probably pays for the over-the-top pensions anyway.

      • J. A.

        Unbelievable. They cite an “overwhelming majority of American adults” who use cellphones??? How about the majority of Social Security recipients??? That overwhelming majority the speak of probably consists of 20&30-something beeper heads who spend lots of time texting their “buds” and playing online games.

        Question to ponder, SSA. Are you supposed to serve us (recipients) or are we supposed to serve you?

    • J. A.

      Our most secure online connections are with our banks. I have accounts with over a dozen of them. And none of them require cellphone ownership or text messages to access these accounts. Some will ask me to answer a security question I’d previously set up in order to access my account. Others will send me a security code by email which I must enter on their site to access my account.

      Point is, both methods I mentioned are free and don’t require a “hardware” purchase. And for those of us who do own cellphones, some (like me) have to pay airtime charges to receive text messages.

      This security update was not well thought out before it was implemented and needs to be “reversed” – in favor of a free means of security verification like those currently in use by banks.

Comments are closed.