The Social Security Administration has backed off its recently introduced multifactor authentication system. Intended to tighten online security in compliance with Executive Order 13681, the new system requires those checking and managing benefits on www.ssa.gov. to provide, in addition to user name and password, a number to a text-enabled mobile phone. After entering user ID and password, the individual receives an 8-digit authentication number by text, which must be entered in order to complete the log-in process.
As a result, Social Security recipients who do not have text-enabled cell phones – a fair percentage – were locked out of their accounts earlier this month. While the problem did not prevent recipients from actually getting benefits, it did prevent them from viewing benefits online and making administrative changes such as changing addresses, bank information, etc. Even those with text-enabled cell phones were unhappy with the cost related to receiving the texted code.
In response to the backlash, the Social Security Administration has rolled back the new log-in requirement. Current account holders can again log in as usual, entering just a user name and password. However, the multifactor authentication system is still available for those who wish to use it, and the agency encourages those with text capability to do so.
The agency says it is working on alternate system that will tighten security without relying on text messaging. That new system is expected to be rolled out in about six months.
