Frauds & Scams

New Online Security

August 3, 2016 • By

Reading Time: 2 Minutes

Last Updated: November 3, 2023

MFAWe’ve added an extra layer of security for our customers when they interact with us online. Now, my Social Security account holders are required to use their cell phone — in addition to their username and password — as another authentication factor during online registration and every sign in. An authentication factor is information used to determine if someone is who they claim to be.

This extra layer of security is called “multifactor authentication” and complies with an executive order requiring federal agencies to provide more secure authentication for their online services. Any agency that provides online access to a customer’s personal information must now use multifactor authentication.

Since my Social Security became available in May 2012, almost 26 million people have created an account. We have always offered multifactor authentication, but only for customers who opted for extra security. For your protection, we now require multifactor authentication for all my Social Security users. To register and sign in, you must now enter a security code that we will send to your cell phone. Your cell phone provider’s text message and data rates may apply.

Our research shows that an overwhelming majority of American adults have cell phones and use them for texting. Because of technical and resource constraints, we are not currently able to offer alternative methods of satisfying this security requirement. However, we may consider adding more options in the future. We appreciate your patience as we work continuously to secure your online information.

We’re committed to using the best technologies and standards available to protect our customers’ data. Multifactor authentication is just one of the ways we’re ensuring the safety and security of the resources entrusted to us. Visit my Social Security to learn more about this helpful suite of online services, including additional details about our latest security measures.

Did you find this Information helpful?

Yes
No
Thanks for your feedback!

Tags: ,

See Comments

About the Author

Jim Borland, Assistant Deputy Commissioner, Communications

Jim Borland, Assistant Deputy Commissioner, Communications

Comments

  1. J. M.

    Me too!! We have a cell phone, but it is TELEPHONE ONLY . . . no ability to accept text messages. As a retired programmer and system designer, it appears to me that you failed to consider all of the requirements for this new implementation.

  2. Tippy

    So now you are forcing us to buy, & pay monthly charges for, a cell phone? Ridiculous idea!! I do not have a cell phone with text options nor can I afford to buy one. Discrimination!!??!! Only those who have cell phones with text capabilities will be able to access their accounts! And, many SS recipients are in their 70’s, 80’s & up and do not have cell phones. I suggest that you rethink this ridiculous plan!!!

    • R.F.

      The text message option has been a feature in my Social Security since its launch in May 2012. Making this functionality mandatory allows us to comply with the executive order and use a reliable method of multifactor authentication (MFA) for our almost 26 million current account holders. We are limited to text messages for the initial MFA implementation due to technical and resource constraints. We may consider adding additional options in the future. For more information about our MFA process, check out https://www.ssa.gov/myaccount/MoreInformationAboutMFA.html. Thanks!

      • Marty

        Isn’t cut a paste a wonderful feature for you? Otherwise you’d have to re-type a lot of your responses.

        I think the government should provide a free text enabled cell phone, to everyone on Social Security, pay for the service and FORCE the cell phone providers to give everyone good cell phone service where they live.

  3. alberta g.

    i have no cell phone and have no intentions of getting one, now what????????

  4. Paul

    As Mr Borland and others responsible for this rather short sighted decision are finding out, many people don’t have cell phones or don’t have texting or have to pay a fee for receiving a text, etc. This should never have been implemented w/o additional research and alternate options for people to provide the additional multifactor authentication.

    Many companies will call a number (home/cell)and provide an authorization code for the person to submit, or send an email with the code, or ask additional security questions the customer sets up. There are so many options to provide additional security/authentication.

    I have to seriously question the SSA leadership for allowing this to happen and the technical expertise of those who implemented this ridiculous policy.

    • R.F.

      Thanks for your comment Paul. Among our fundamental responsibilities at the Social Security Administration is protecting the safety and security of the information entrusted to us. We take our responsibility very seriously and, with that commitment, have always provided my Social Security account holders with the option of an extra layer of security. On July 30, 2016, we implemented mandatory Multifactor Authentication (MFA) to comply with Executive Order 13681, which requires federal agencies to provide more secure authentication for their online services. At this time, we are only using the text message method for authentication. For more information about our MFA process, check out https://www.ssa.gov/myaccount/MoreInformationAboutMFA.html. Thanks!

  5. Ted

    So this means when S.S.A. is hacked by computer hackers, not only will they have all my info but now they’ll also have my phone number. WOW. What a boon for hackers.!

  6. LM

    The need for a cell phone will now limit the availability to folks, not a valid way to secure the system. To many, a cell phone is still a luxury, for someone dwelling in an assisted or skilled facility there is just no need for the added cost of a cell. This does NOT fix the system.

  7. Terri

    I think this is a good idea. One feature I would like to have is for SsI recipients to be able to do address changes through my social security. I often worry that the phone representatives enter info incorrectly. I don’t know why people who are disabled since childhood are treated as second class citizens and not able to update info online. People on retirement as are no better than ppl with lifelong illnesses. For you all who don’t have cell phones. I understand the cost, but the double security is necessary. There are companies that give free phones with texting for low income people. Budget mobile is a really good one. I wouldn’t feel safe without a phone. My condition makes it hard for me to walk. So I don’t go outside at all without my phone. Thank you ssa for looking out for our security.

    • W G.

      So you think I should pay over $1000 a year just to have a smart cell phone for when I want to use the Social Security web site?

      I now am sure my Social Security data is so secure that even I cannot access it.

      I

    • John O.

      I assume you get SSI but your typing is so poor I can’t tell. Most SSI payments like most SS payments are direct deposited to a bank or to a CU. However the amount paid is also based upon where you live and your living arrangements. Such can not be gleaned without asking you questions usually through an interview. So don’t expect a change in this area any time soon.

    • R.F.

      We appreciate your thoughts Terri. Thanks for your comment!

  8. Drop D.

    My cell phone number is none of your business.

  9. Bill

    Thanks. you nitwits have just rendered this site just about useless for me. There are other far better MFA choices like shared secrets where a user free-forms a question and answer that only he or she has knowledge of then shares it with you, or a shared picture preference. Linking hardware and users is a terrible solution that you should retract and abandon immediately. If you must, continue it as an option for those who prefer it. For the rest of us, let us alone. Now!

  10. J S.

    I have no cell phone. Now what? Why put in a system that locks out a lot of users? This is dumb!

Comments are closed.