Update to New Online Security

August 15, 2016 • By Jim Borland, Assistant Deputy Commissioner, Communications

Last Updated: November 3, 2023

On July 30, 2016, Social Security began requiring new and current my Social Security account holders to sign into their account using a one-time code sent via text message. This second layer of security that requires more than a username and a password is known as “multifactor authentication.” We recently mandated this second layer of security to comply with the President’s Executive Order on Improving the Security of Consumer Financial Transactions. We implemented it aggressively because we have a fundamental responsibility to protect the public’s personal information.

Our aggressive implementation resulted in some of our customers being unable to access their personal my Social Security accounts. We listened to the public’s concerns, and have temporarily rolled back this mandate.

As before July 30, current account holders will be able to access their secure account using only their username and password. We highly recommend the extra security text message option, but it will not be required. Now, we are developing an alternative authentication option, besides text messaging, that we will implement within the next six months.

We strive to balance security and customer service options, and we want to ensure that our online services are both easy to use and secure. The best way to secure your information is to create a personal my Social Security account. If a person already has an account, a fraudulent attempt to create an account would be unsuccessful. The my Social Security service has always featured a robust verification and authentication process, and it remains safe and secure.

We regret any inconvenience you may have experienced. Open or access your personal my Social Security account today.

About the Author

Jim Borland, Assistant Deputy Commissioner, Communications

Comments

  1. WILLIAM B.

    I am unable to receive text message, therefore I never received the text for the advanced requirement for Social Security I.D. necessary for the new requirements.

    Thank you.

    William B. Gould

    • Ray F.

      Hi William. We removed the requirement to use a cell phone to access your #mySocialSecurity account. While it’s not mandatory, we encourage those of you who have a text capable cell phone to take advantage of this optional extra security, which has always been available. We continue to pursue more options beyond cell phone texting. We apologize for any inconvenience you may have experienced.

  2. Susan

    Some of the people who posted either don’t speak or read English, or don’t comprehend the language. The post says they are stopping the cell phone texting security option until they can figure out something better in the next 6 months in response to the complaints, yet many posts are still complaining about it as if it were still happening. They should have involved those receiving SS by asking how many had cell phones or were able to receive texts, or were planning to do so, but they instead just everyone had cell phones and would be able to use this option. They need to get out in the real world and see that cell phones are not desired by a lot of people. Maybe the millennials are the majority who have all the latest technology, but how many of them have income to support their usage of the technology?

  3. dave j.

    It’s simple, they monitor all cell phones routinely, and the layer of security refers to theirs, not yours, it gives them another layer of spying on the people of America, they need to keep their fingers on the web as a spider, to react in defense against a government by the people, for the people they need to spend their time on fixing social security, and simply put back the money they stole from all of us~!, it would be more than a solvent account, able to do what it was designed to do, the only reason we have to deal with issues all the time, and not receive our cost of living every year [for those that earned it, not refugees and illegals~!] is because they continue to steal from it, I can’t wait to get a president, and congress and senate, that puts the American interest over all~!, we don’t want a global government, we have chosen the constitution as our rules. We don’t want a failed experiment, no socialism~!! my2¢

  4. Sharon

    Thank you so much for changing this. I cannot get any cellphone reception from my home, so am looking forward to your new authentication procedures that hopefully include a phone call to my home line that DOES work.

    • Ray F.

      Hi Sharon. We removed the requirement to use a cell phone to access your #mySocialSecurity account, while we continue to pursue more options beyond cell phone texting. We apologize for any inconvenience you may have experienced.

  5. Bill

    It’s great that the text response MFA has been rolled back. Several folks advocate email. Both text and email have similar problems – forcing a use of a separate application (email) or device (text). Additional authentication can be far more simply and easily achieved by allowing users to compose a series of 1 sentence challenge questions and answers in their user profiles. These would not be canned questions that the IT department chooses. Another option is choosing a graphic from a substantial group, one of which was selected by each user and recorded in their profiles. These all allow good challenge/response security options without forcing ‘out of band’ multi-factor authentication.

    • Lane L.

      I looked up the basic definition of multifactor authentication which is “a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know); possession (something they have), and inherence (something they are).”

      It seems that MFA doesn’t take place with either the challenge questions or use of graphics when the user enters log on credentials since all represent the “knowledge” category. I can see where SSA came up with the cell phone requirement as that met the “possession” thus MFA is correctly implemented. Unfortunately as we have all seen, too many of us do not have cell phones with text capability for this cell phone requirement to be realistic.

      Using email address to send the code should satisfy the “possession” category. After all, smart phones can launch both the browser and the email client in addition to serving as “a cell phone with text capability.”

      It would be interesting to see what solution SSA comes up with.

      • Lane L.

        As for the “inherence” category, this is satisfied by “some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc.”

        This category could not be satisfied in this situation since that would require biometric scanners in addition to the varying transmission speeds of packets through the Internet. Not only that, but I would not consent to installing software on my end to monitor and transmit keystroke activity regardless of whoever has the reins of government at the moment. /wink

        • Lane L.

          I was thinking of typing speed and such when referring to how packets may travel through the Internet and how long each packet takes. I am sure a programming solution can be arrived at to account for this, but that seems to me “programming for programming’s sake not adding any real value …” – and again I would not install such software on my machines. Nah.

      • Lane L.

        > Using email address to send the code should satisfy the “possession” category.

        An email account has to be set up. It is tangible – and under the control of the accountholder.

        A compromised email account is like having the cell phone stolen. Same difference.

        • Ray F.

          We appreciate your comments. We listened to the public’s concerns. We are responding by removing the requirement to use a cell phone to access your personal my Social Security account. While it is not mandatory, we encourage you who have a text capable cell phone to take advantage of this optional extra security, which has always been available. We continue to pursue more options beyond cell phone texting. Thanks!

          • Lane L.

            Arthur Schwarz’s post below indicates use of email address is problematic according to NIST standards for OOB and 2FA authentication. Given this, it would be interesting to see what solution SSA eventually comes up with.

  6. Claire

    It is very disturbing that you are considering only those with phones that have texting capabilities as a security measure. What are those of us who don’t have “smart phones” and don’t have texting capability going to do to get into our accounts?

    I agree that you spend all this money putting something in place that lots of seniors who are older don’t have the capability to do, or are not able to understand what it all means.

    It would be far better to put that money towards an increase in our S.S. checks which certainly don’t even come close to covering all our expenses and are sometimes the only incomes we have! Rather a waste of your and our time and our money!!!

  7. Robert Y.

    As long as you require the use of a cell-phone the new system is defective. [Thousands of users are now no longer able to use the online system.] What about land-line users? What about the use of an e-mail address? If the latter two methods are acceptable to major banks and brokerage firms, it should be acceptable to Social Security.

  8. Sharyn

    Social Security aren’t the only ones using that method !!!

  9. James J.

    Sad to say in this day and age that where I live we do not have cell phone service. So to us cell phones are no good. No service No phone

    • Robert Y.

      I’ve already brought this defect to the SSA. I’ve also brought this defect to the attention of my US Senator. Perhaps more non-cell phone users need to do the same.

  10. Fahmi N.

    I am going to keep saying this hoping that somebody will read my comment and maybe revisit the subject of online accessibility for Americans who live overseas and have no current US address. I think multifactor authentication is great, but I cannot see how the type of address will add or subtract from account security.
    Please take a look at this unfair exclusion, of not permitting people with no US address to enjoy benefits of online access to their accounts. Thank you.

    • Tom

      You are 100% correct. Why is it that my credit card companies and US banks will accept my overseas cell phone number for authentication but the My SS system only accepts 10 digit phone numbers so it is impossible to include the country code with the cell number? Surely there is a quick fix for this, that is, unless they are TRYING to exclude overseas My SS account holders.

    • Ray F.

      Hi Fahmi! We want to assure you that we are constantly exploring ways and working hard to improve the services we offer. Your feedback is greatly appreciated!
