The Social Security Administration has tightened security on its website. And that added protection is likely to keep some seniors from being able to access their Social Security accounts online.
The agency is now requiring people to use a security code sent by text message to a cellphone—in addition to a user name and password—to log into a “my Social Security” account. Such “multifactor authentication” is widely used by financial institutions and other organizations to limit unauthorized access. Social Security notes on its website that it added the requirement to protect users and comply with an executive order requiring federal agencies to beef up online security.
On Monday, Verizon Wireless customers weren’t able to access their Social Security accounts because they weren’t receiving the security codes, according to a notice posted on the Social Security Administration’s website.
UPDATE: On Tuesday, the agency said the problem for Verizon customers was fixed. But it said that due to heavy traffic on the website, “you may experience problems receiving your security code via text message or entering the security code you receive.”
More broadly, the added security is likely to be a problem for some people, including seniors, who don’t have reliable cellphone service or text-enabled phones—or who simply aren’t comfortable with this means of communication.
“We’re concerned that the abrupt change will cause a lot of confusion and frustration among older Americans, many of whom don’t have reliable access to text-enabled cellphones,” said Jessie Gibbons, senior policy analyst for the Senior Citizens League. She said the group “does support strong online security, but we definitely feel that alternate means must be provided so that beneficiaries don’t lose access to their online accounts.”
At Social Security, spokeswoman Roxanne Williamson said,“We understand that not everyone has a cellphone or cell service. This is our first step in adding security, and we expect future enhancements will provide other options.”
There are limits to the protection provided by the new authentication requirement. For instance, it “does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves,” cybersecurity specialist Brian Krebs wrote on his website Monday.
He suggests that people go ahead and create an online Social Security account if they haven’t done so already: “Because it’s possible to create just one ‘my Social Security’ account per Social Security number, registering an account on the portal is one basic way that Americans can avoid becoming victims of this scam.”