Frauds & Scams

Update to New Online Security

August 15, 2016 • By

Last Updated: August 19, 2021

MFAOn July 30, 2016, Social Security began requiring new and current my Social Security account holders to sign into their account using a one-time code sent via text message. This second layer of security that requires more than a username and a password is known as “multifactor authentication.” We recently mandated this second layer of security to comply with the President’s Executive Order on Improving the Security of Consumer Financial Transactions. We implemented it aggressively because we have a fundamental responsibility to protect the public’s personal information.

Our aggressive implementation resulted in some of our customers being unable to access their personal my Social Security accounts.  We listened to the public’s concerns, and have temporarily rolled back this mandate.

As before July 30, current account holders will be able to access their secure account using only their username and password. We highly recommend the extra security text message option, but it will not be required. Now, we are developing an alternative authentication option, besides text messaging, that we will implement within the next six months.

We strive to balance security and customer service options, and we want to ensure that our online services are both easy to use and secure. The best way to secure your information is to create a personal my Social Security account. If a person already has an account, a fraudulent attempt to create an account would be unsuccessful. The my Social Security service has always featured a robust verification and authentication process, and it remains safe and secure.

We regret any inconvenience you may have experienced. Open or access your personal my Social Security account today.


Tags: ,

See Comments

About the Author

Jim Borland, Assistant Deputy Commissioner, Communications

Comments

  1. Barbara G.

    It’s not true that “multifactor authentication inconvenienced or restricted access to some of our account holders.” It was the SSA’s implementation of multifactor authentication that caused the inconvenience. Other ways to implement multifactor authentication could have included sending the codes by email or automated phone calls to landlines. Next time, try talking with your users and not making one-sided decisions that will cost taxpayers additional money to rollback and re-engineer.

    • Lane L.

      I can’t help but wonder if the research that concluded an OVERWHELMING majority of us use cell phones was done by *ahem young people taking the latest technologies for granted? A few years ago I went back to college in my forties, and was constantly frustrated by its publications using the tiniest font possible with as little contrast between font and background as possible, too! The young ‘uns need to unglue themselves from their screens, and actually see the wonderful, vibrant world around them. Doing so just might save their lives one day, too!?!

      • Lane L.

        Additionally, did that research include the Deaf and DeafBlind communities along with related communities sharing significant hearing loss and speech disabilities? I don’t know of too many deaf/Deaf/DeafBlind having cell phones … and I am a member of this huge community, too. Sheesh.

      • Richard C.

        I gave SS my Cell Phone Number and set it up. It worked just fine. Now SS changes its mind. I sign in, the cell phone verification does not work and I am back to square one. Your letter made it sound like the Cell Phone EXTRA SECURITY was still in effect and it is NOT! Is my SS information REALLY SECURE????

        • MIKEP

          That’s great and you will be able to continue to use the extra security that text messages afford you but, for those of us that don’t have cell phones or just don’t want to use them for verification, it should be optional.

        • Ray F.

          We appreciate your comments Richard. The my Social Security service has always had a robust verification and authentication process, and it remains safe and secure. We strive to balance security and customer service options – a large part of our stewardship responsibility is to keep data secure – and we want to ensure that our online services are both easy to use and secure. Our aggressive implementation of a one-time code sent via text message inconvenienced or restricted access to some of our account holders. While it’s not mandatory, we encourage you who have a text capable cell phone to take advantage of this optional extra security, which has always been available. We continue to pursue more options beyond cell phone texting. We are developing an alternative authentication option in addition to text messaging that we will implement within the next six months. The best way to protect your information is to create a my Social Security account. If a person already has an account, a fraudulent attempt to create an account would be unsuccessful. We hope this information is helpful.

    • Richard A.

      Ms. Young says, “Next time, try talking with your users and not making one-sided decisions that will cost taxpayers additional money to rollback and re-engineer.”
      That’s an excellent point. However,Ms. Young is perhaps too young to have learned that is not the “guvmint” way.

  2. James L.

    Why text messaging, and not email one ?

    • Roy S.

      My cell phone testing and internet is blocked so I can’t text or use the internet on my phone. So what now.

  3. William W.

    People who are inconvenienced or restricted by multifactor authentication should be made to simply accept the fact that they will have less security.
    Those of us who can handle multifactor should be given it, for better security.

    • Barbara G.

      You’ve always had the option for multifactor authorization by cell phone. Are you using it? The objection was made to forcing everyone to have a cell phone and texting plan.

      • T.G.

        Exactly right.

      • gary d.

        I have a cell phone and texting, but I have no service within 8 miles of my house due to terrain and lack of towers!

    • Lane L.

      Multifactor can be accomplished using email, too. Heck, if one is accessing his my Social Security account, he is already online – and therefore he can check his email a few moments later to get the code to complete the sign on.

      We need to have a good balance between using multifactor to keep our personal information as secure as possible and a way to access that personal information. The requirement for a cell phone with text capability only does not meet that balancing requirement.

  4. Josephine L.

    Please give Americans living abroad the ability to create an online social security account. At the moment, anyone without a US address is denied this.

    • tomas r.

      i agree we are supposed to have the same rights as Americans living in the US. in my case i live in mexico for economic reasons

      • Richard O.

        American expats now cannot even access the SSA web site because it denies access through a foreign server. And assuming that problem is resolved, SSA does not allow a foreign cell phone number in your profile to which a code can be sent. SSA denies the existence of American expats!

        • Tom

          Exactly. The system only accepts 10 digit phone numbers essentially shutting us all out.

  5. ELIZABETH G.

    Thank you. I’m happy to see that there is security in my account. Thank you for your hard work keeping it secure. 🙂

  6. Pat

    Why would it take 6 months to add an e-mail option? Seems like a minor change.
    Many, many companies already do this. Google it and find out how.

    • Wiiliam

      The Colvin Administration @ SSA is just tone-deaf incompetent!!!!

      • Greg P.

        Maybe Trump will get this mess fixed once and for all.

        • its g.

          OMG- Is this helping now

    • .joe

      I agree use e mail or will the wing nut in the white House F that too

      • John T.

        better that a criminal

    • Michael

      Pat, email is not secure. A text is encrypted so is secure.
      It takes a long time to rewrite code and make sure it is not affecting anything else in your system.

  7. Dave

    I don’t use a cell phone. Pulse i wonder if this is just another Obama way of keeping track of us. Don;t trust or like him.

    • AARON E.

      YOU’RE AN IDIOT!!!

      • Dc

        Good point! Not that it’s any of my business, but I doubt that you’re an idiot, at all. Strange that the left leaning folk are so prone to name calling and commenting when they have no business doing either.

        • hotrodw

          Pardon me. The right has its militant base who can be cantankerous and viscious evidence by physical attacks witnessed at Trump rallies.

          • John T.

            That were payed for by HRC and DNC. Not a bad pay day 1500 bucks to cause trouble at the rallies as the emails show

      • Terry

        The old farts are idiots. They worship Trump and follow his example in blaming everyone else for any trump-up reasons. They do not have enough intelligent to know what is good for them.

        • Tonya P.

          Just plan angry for nothing: Yes my son Hillary is on the rise ???

        • John T.

          the old farts have experience something you dumb ass socialist don’t understand it does not work

    • wm d.

      ditto w/ aaron

    • mikl

      Yes. I believe this is another way of Obuma to collect data and track the people. Do not give your cell number.

      • Retiree

        Obuma isn’t going to be with us within time, so don’t worry what that loser wants to do because he prefers to play golf.

        • Seahorse

          Obama isn’t going away. Hillary will appoint him to Supreme Court Judge or as Head of Home Land Security, or Secretary of State so he can negotiate more horrible deals with Arab countries. He will have this country accept millions more Muslims until Americans are a minority. Once that happens, say good-bye to our Constitution and hello to Sharia Law. Wake up and see the future.

          • Angela R.

            I think, if fact, I’m sure this is evil from Obama (lower case deliberate) I don’t trust him and he and hilarious should be jailed forever.

        • its g.

          so negative!!!!!!

      • Tonya P.

        President Obama has less than 5 months left in office. I am not in fear of Obama…it’s the idiots that are born and raised in America. Americans embarrass our country by writing junk like this on a informative website. May are showing their breed and lack respect for themselves. Just looking outside the box, try it sometimes and you will learn beyond ignorance.

    • Lynne I.

      I think SSA is just trying to help make our online accounts less easily accessed by the wrong people. Good for them – and good for them that they have listened to we “seniors” who don’t perhaps have a cell phone/text access. And why are we now making this a political issue too? Can’t we just accept SSA’s notice for what it is and stop the ridiculous name-calling?

      • Ed

        Amen, Lynne. Too many people living in worlds of gloom and conspiracy.

      • its g.

        Thank You !!!!!

  8. JJ

    The group (say ages 50+) who have the most need for this site is also the same group least familiar with cell phones and texts. While I applaud extra security, the text methodology is NOT the way to accomplish it. I am so happy you heard our dissatisfaction with this idea and hope you will come up with an effective way to implement the extra security level.

  9. Mahamed

    Ihaveforgeten,mySSA,andmysocialsecuritynumber,wouldyoutelme

  10. Karen B.

    Thank you. I will happily add another step to improve security. But not one that requires a cell phone which I don’t have. The fact that you heard and responded cheers me. :-)))

    • Tracey L.

      I will more than happy and will feel more secure with the new added feature . 😉

      • Tracey L.

        Sorry for my typos * I would be more than happy to have the new feature. In fact I do use it and it .

        • Tracey L.

          Is GREAT!!?

          • Alan

            Great Response Jim Borland!
            Major banks/Credit Card Co.’s have for years sent secondary authentication codes to landlines for online access whenever you would change browsers or clear out your cookies, or logged on with a new device.
            This works well and I’m pleased that you listened to the consensus of opinions.

    • R W.

      this is the finally a time where the will of the people has been adhered to

      • Ed

        Make that a will of what is probably a minority of the people.

    • Arthur S.

      What was the response? I also do not have a cell phone.

      tnanks

    • tim k.

      Again SS is not paying attention. You need to have the backup plan in place for people who do not have text capable cell phones BEFORE you put the onerous plan in place. Is there no one over the age of 50 with the common sense to figure that one out.

      • Ray F.

        Hi Tim. We listened to the public’s concerns. We are responding by removing the requirement to use a cell phone to access mySocialSecurity. While it is not mandatory, we encourage you who have a text capable cell phone to take advantage of this optional extra security, which has always been available. We continue to pursue more options beyond cell phone texting. Thanks!

        • Michael B.

          Sounds like a good plan to me.thanks for the info. 😉

        • Barb

          Were exactly do you go to add the text capable cell phone. I am new to this.

          • Ray F.

            Hi Barb, there should be an extra security option on the sign-up screen. If you are already signed up, go to the message center and select “Update Preferences” and then select “Update Security Settings”. If you continue having difficulties, please call 1-800-772-1213 for assistance. After you hear “Briefly tell me why you are calling,” say “Help Desk” for help with a my Social Security account. Thanks!

        • David S.

          Ray –
          It’s nice that you pat yourself on the back for listening to the public, but the SSA should have known what a massive failure it would be to expect all their customers to have a texting plan. This poor multifactor system should never have made it off the drawing board.
          It deeply concerns me how little the SSA knows its customers.
          I’ll bet no one lost their job over this. In my IT sector, we could call this a “resume-generating incident”.

          • Mike

            I heartily agree with you David. In my job, I am required to “do my homework:” before I attempt a plan of action. I have read that the SSA is now sending out 1.5 million emails each day to SSA account holders to notify them of the rollback in the authentication process. How much taxpayer money is that going to require? How much are all of us SSA account holders, as well as non-account holders, going to pay for just one more federal government botched implementation of yet another uncalled-for executive order?

        • Julie A.

          The other real problem with what you implemented is that it DID NOT WORK. you sent the text code but the web page gave no way to input the code and only gave you the choice to cancel. It did not work. Calling help only said ‘it sometimes works’. This shows whoever you paid good $ to to design, implement, test this feature FAILED and should pay you back. Do it right next time.

    • John D.

      I agree with Karen. That cell-phone routine is very, really quite complicated for private individuals. Is there some other way to secure, like, secured e-mail back and forth, or, USPS mail to the recipient confirmation?

      • Ray F.

        Update! We removed the requirement to use a cell phone to access your #mySocialSecurity account. While it’s not mandatory, we encourage those of you who have a text capable cell phone to take advantage of this optional extra security, which has always been available. We continue to pursue more options beyond cell phone texting. We apologize for any inconvenience you may have experienced. http://bit.ly/20nvsaI

Comments are closed.