The Social Security Administration has dropped a measure to boost its website security that had the effect of locking some people out of their online accounts.
About two weeks ago, the agency began requiring people to use a security code sent by text message to a cellphone—in addition to a user name and password—to log into a “my Social Security” account. That requirement was problematic for some people, including seniors, who don’t have reliable cellphone service or text-enabled phones—or who simply aren’t comfortable with this means of communication.
That “multifactor authentication” rule is now gone, the agency website declares:
UPDATE: “Our aggressive implementation inconvenienced or restricted access to some of our account holders,” Social Security spokeswoman Dorothy Clark said Monday. “We are listening to the public’s concerns and are responding by temporarily rolling back this mandate.” She said the agency strongly recommends the use of the texting measure for added security, and that it plans to add an additional authentication option within the next six months.
“We are grateful for a reprieve, even a temporary one,” says Mary Johnson, a policy consultant to the Senior Citizens League, which had expressed concerns about the policy earlier this month.
Some in Congress had also raised concerns about people not having other alternatives besides texting to access their Social Security accounts with enhanced security.
The Social Security Administration "must make other options available so that individuals without a cell phone can continue to use" the online system, Sam Johnson, chairman of the House Ways and Means subcommittee on Social Security, wrote on Aug. 2 to Carolyn Colvin, the acting Social Security commissioner. Senators Susan Collins and Claire McCaskill, the chairman and ranking member of the Senate Aging Committee, sent a letter to Social Security last week saying in part: