The technology snafu started when the SSA added “multifactor authentication” to log on to MySSA customer accounts. It was a well-intentioned move to satisfy an executive order by U.S. President Barack Obama that federal agencies take steps to protect sensitive financial data. But critics pointed out that many older Americans do not use text messaging, and customers at one major mobile phone service – Verizon – inexplicably found themselves unable to use the new security layer. Two weeks later, the SSA backpedaled, admitting that the authentication process had restricted site access for some customers and saying it will look for other ways to bolster its online security. For now, account holders can log on with a username and password. But the texting misstep is part of a broader customer service challenge the SSA faces.
[ NNSquad ]
Lauren’s Blog: “Confirmed and Unacceptable: Social Security Administration Cutting Off Users Who Can’t Receive Text Messages”
Confirmed and Unacceptable: Social Security Administration
Cutting Off Users Who Can’t Receive Text
If you don’t have a cell phone, or some other means to receive SMS
you won’t be able to access your Social Security Administration “My Social Security” online account starting next month.
The SSA is currently sending out emails announcing that SSA online users MUST receive an SMS text message with a two-factor authentication code to access their accounts starting in August.
According to Congressional testimony in May, SSA “expects” to make
other two-factor methods available at some point in the future.
While the “expectation” of additional two-factor options at some
unspecified time down the line is interesting, the move to now block
users who do not have cell phones, or text message capable cell
phones, or do not have text messaging enabled, or do not know how to
access and read text messages — IS UNACCEPTABLE, especially on such
short notice to SSA users.
Two-factor authentication systems are very important, but keep in mind
that SSA by definition is dealing mostly with older users who may have
only recently become comfortable with online services at all, and may
not make any use of text messaging. Many do not have cell phones or
somebody to receive text messages for them.
Additionally — and ironically — text messaging is considered to be a
substandard means of receiving two-factor authentications. And — get
this boys and girls — NIST (the USA’s National Institute of Standards
and Technology) — just a few days ago officially declared that text
messaging based two-factor should no longer be used at all — it’s
simply not safe and secure.
It appears that SSA has really mucked this one up. This isn’t secure
two-factor, it’s a three-ring circus. And it’s going to leave many SSA
users out in the cold.