New Online Security
Reading Time: 2 MinutesLast Updated: November 3, 2023
We’ve added an extra layer of security for our customers when they interact with us online. Now, my Social Security account holders are required to use their cell phone — in addition to their username and password — as another authentication factor during online registration and every sign in. An authentication factor is information used to determine if someone is who they claim to be.
This extra layer of security is called “multifactor authentication” and complies with an executive order requiring federal agencies to provide more secure authentication for their online services. Any agency that provides online access to a customer’s personal information must now use multifactor authentication.
Since my Social Security became available in May 2012, almost 26 million people have created an account. We have always offered multifactor authentication, but only for customers who opted for extra security. For your protection, we now require multifactor authentication for all my Social Security users. To register and sign in, you must now enter a security code that we will send to your cell phone. Your cell phone provider’s text message and data rates may apply.
Our research shows that an overwhelming majority of American adults have cell phones and use them for texting. Because of technical and resource constraints, we are not currently able to offer alternative methods of satisfying this security requirement. However, we may consider adding more options in the future. We appreciate your patience as we work continuously to secure your online information.
We’re committed to using the best technologies and standards available to protect our customers’ data. Multifactor authentication is just one of the ways we’re ensuring the safety and security of the resources entrusted to us. Visit my Social Security to learn more about this helpful suite of online services, including additional details about our latest security measures.
Did you find this Information helpful?
Tags: my Social Security, my Social Security account
See CommentsAbout the Author
Jim Borland, Assistant Deputy Commissioner, Communications
Jim Borland, Assistant Deputy Commissioner, Communications
Comments
Comments are closed.
Paul R.
You have violated my right to due process and discriminated against me because of my inability to afford a phone. Even if I had such a device I wouldn’t be able to see the tiny screen. Why can’t a PIN code be verified via email instead? That would at least ensure equal access since libraries have computers with internet access, but not so with phones. It is plain discrimination to those who can’t afford such luxuries that won’t be used for any other purpose.
So now to get my report I will have to buy a $10 disposable phone, get the code, then get a neighbor to read the code to me since I can’t see it, and it will then cost me $10 each and every time I choose to get my report.
Good job making some of the most vulnerable in society even more vulnerable.
R
I guess for the people, by the people doesn’t apply here!
R
For the people, by the people doesn’t apply to this Agency!
Sandy
Started a change.org petition for this because this is the most absurd change these people have done.. locking us out of access to OUR money. https://www.change.org/p/barack-obama-social-security-administration-provide-alternate-access-to-my-social-security-statements?recruiter=583291778&utm_source=share_petition&utm_medium=facebook&utm_campaign=autopublish&utm_term=des-md-no_src-reason_msg&fb_ref=Default
Beverly W.
I attempted to log in to my account and waited for a text which never arrived. I finally gave up trying to get in. Honestly, who came up with this idea? Two factor authentication can be accomplished by having to answer a security question each time – annoying but effective. I don’t have the limitation of not having a smartphone, but this is a poorly designed effort by any measure.
Shirley B.
I would like to add my comments, even if not unique to what’s been already said, to all the previous ones, just to register my “vote,” so to speak, against this new security measure implementation.
1) I don’t use a cell phone except for emergencies, and I do not text.
2) I have an email address that can be used instead of a cell phone number, and is my preferred authentication method.
Item 2 above is, in fact, the authentication method used by many businesses/agencies, including my credit union. If other companies/agencies can use this method, then the SSA should ALSO be able to use it. THE TECHNOLOGY EXISTS! Further, Item 2 above is a global method that can be used ANYWHERE I might be, with computer and Internet access.
Alana S.
What a terrible idea! I have a dinosaur cell and do not text. So my “more secure” option would be to give you MY SON’S CELL # AND HAVE HIM CALL ME TO GIVE ME THE CODE??!? Or drive to a Social Security Office?? What stunningly poor customer service. Imagine a business whose business model decided to serve only “a majority” of consumers? Discrimination, no?
Walter R.
Expecting seniors to pay $100+ per year for a burner mobile phone in order to access mysocialsecurity online is beyond the pale. People will stop using the online site and go back to requesting paper mailings and conducting in-person visits to the field offices. Maybe that’s the objective of the humans running this program.
Cannot imagine what happens when your mobile phone dies and the new one has a different telephone number. I foresee lots and lots of problems.
Frankly, as we grow older our ability to use technology will decrease, not increase. The more complex the task, the less likely a senior will be able to complete it. Many seniors stick with landlines only for safety (landlines continue to work even when the power goes out) and because its easier to hear the conversation. No texting on landlines.
Probably best just to put a permanent electronic block on your social security number and then it will be safe from everyone, including you.
BTW… Treasury uses dual authentication and its all done online using their website and your email. There were lots of implementation problems there too. The email houses classified their code messages as junk and delivery was too slow to be usable. Who could wait around 20 minutes for the emailed code to arrive before getting into their account?!?
Good Luck. Technology is increasingly becoming the problem, not the solution.
Kirk
NIST is deprecating SMS. (Yes, this is just the proposed draft, but SMS is known to be insecure.) SSA should do the right thing, and provide other methods of security.
http://www.newsfactor.com/story.xhtml?story_id=132004JY9LO0
“…National Institute of Standards and Technology (NIST), the federal agency responsible for setting official guidelines for technology standards and measurement regulations.] The organization released a new draft of its Digital Authentication Guideline, in which it explained that SMS two-factor authentication would no longer be encouraged going forward.
“OOB (Out of band) using SMS is deprecated, and may no longer be allowed in future releases of this guidance,” the latest draft reads. The agency cited the risk of that SMS messages may be intercepted or redirected as one of the reasons behind its decision to no longer support SMS two-factor authentication.”
Wayne
I made a conscious decision not to use texting because of the 20 dollar monthly fee years ago. I use email similar to texting. so now they want to force me to pay the 20 dollars monthly(240 dollars annually) just to access my social security account. I’m a bit angry.