Social Security rolls back two-factor mandate

FCW ^ | Aug 15, 2016 | Adam Mazmanian

[ken in texas]

The Social Security Administration is relaxing a recent security directive requiring beneficiaries to use two-factor authentication to log into personal accounts after complaints that the new restrictions hindered user access.

...

SSA has not come up with a new two-factor verification method. The agency is strongly recommending that users take advantage of the text-message security option, but beneficiaries are able once again to use a simple username and password to access their accounts.

...

[ken in texas]

As noted in the recent thread on FR - http://www.freerepublic.com/focus/f-news/3456388/posts, the SSA recently instituted two-factor authorization by requiring users to provide a cell phone number that could receive a text message.

The SSA has now dropped that requirement. I was able to log on this morning by providing only my username and password.

Apologies in advance if this has been posted already.

[from occupied ga]

It is kind of a PITA. They make you change your password to stuff you couldn’t possible remember and have to write down anyway.

[Gaffer]

The last two times I logged in they used the two factor thing.

[ken in texas]

Have you tried today? I suppose it's possible that since you already gave them a cell number they will do the two-factor thing with you.

I'm still poking around to see if I can find more details.

[WKB]

Book mark

[Wonder Warthog]

Typical bureaucratic stupidity. What they want to do would have worked just fine IF they had allowed the "receipt and response" to be done by email as well as smartphone.

Think about it....if the person is trying to access his account FROM HIS COMPUTER, then email actually makes more sense than smartphone txt message. But allow the choice, and the problem goes away. Those who don't have smartphones are not shut out as they were with the original requirement.

[ken in texas]

It's not only a PITA, but requiring regular password changes is also considered to be a poor security practice.

But then again, government bureaucrats always know better than anyone else. /s

[ASA Vet]

Why would a person need to log into their account? I didn't even know there was such a thing on line. My Social Security is deposited every month electronically. Nothing I need to do ever.

[ken in texas]

Think about it....

That's just it, thinking is involved. Government drones don't think.

[headstamp 2]

[Why would a person need to log into their account?]

It makes it easier for people posing as the beneficiary to access the account.

(grin)

[oh8eleven]

My Social Security is deposited every month electronically. Nothing I need to do ever.
Yeah, me too. I signed up on-line in 2009, and never even had to send in any documentation.
I was totally surprised how easy it was.

[Carriage Hill]

There’s a box you can check to get around that BS, “Don’t send me any messages”.

[Opinionated Blowhard]

This is happening with most computer online access to anything sensitive — bank accounts, remote work locations. Its the wave of the future in computer security so people are going to have to get used to it. It really does help with hacking.

[Roccus]

PING

[CatQuilt]

Exactly.

[Gaffer]

My account fluctuates because they keep screwing with what they take out, what they say I owe them and what I get. It varies from month to month, actually.

When you flirt with their income limits, they get on that crap right away and start penalizing you for making too much money or something.

[Resettozero]

Typical bureaucratic stupidity.

Typical bureaucratic wickedness.

[Roccus]

What about those of us who where receiving SS retirement benefits BEFORE they started the mySocialSecurity accts BS?

SSA sends me my 1099 every year by USPS. Same goes for any notice of benefit or Medicare premium changes.

[Gaffer]

No, I haven’t but it really doesn’t matter now. In fact since they have the right number and my ID and password stuff correct, there is less chance of anyone getting into it.

[ken in texas]

This is happening with most computer online access to anything sensitive...

True. And I have no problem with it if they let me opt-in to use the safety feature. Forcing its use and leaving people with no means to access the on-line account is another matter.