Advertisement

SKIP ADVERTISEMENT

Your Money Adviser

Social Security Retreats From Cellphone-Based Online Security

Never mind — at least, for now.

That’s what the Social Security Administration told those with online “mySocialSecurity” accounts, two weeks after announcing that they would be required to have cellphones to receive security code texts in order to log on to the accounts.

Social Security recipients can use the online accounts to manage their benefits, such as selecting a bank account for automatic deposit. Workers who don’t yet receive benefits can use the accounts to obtain estimates of future benefits and to check their earnings statements to make sure the estimates are based on correct information.

After an outcry from older Americans, as well as a letter from two United States senators, the agency backed off the cellphone-based code requirement.

“Our aggressive implementation inconvenienced or restricted access to some of our account holders,” said a statement emailed by an agency spokesman, Mark Hinkle. “We are listening to the public’s concerns and are responding by temporarily rolling back this mandate.”

The change means users can log on to their online “mySocialSecurity” accounts as before, with just a username and password. If they want, they can choose the text option as added security feature, as has been the case since the accounts were first offered in 2012.

The agency made text codes mandatory on July 30, saying it was doing so to comply with an executive order requiring federal agencies to upgrade their online security. The codes served as a type of multifactor authentication, in which information beyond a user name and password is used to help protect sensitive personal information online. Many banks and online services offer text verification.

But many people, especially older ones, complained that the requirement was unreasonable; fewer older Americans use cellphones, and some said they found texting difficult. In addition, technical glitches hampered access to the site, even for users with texting capability.

On Aug. 12, Senator Susan Collins, Republican of Maine, chairwoman of the Senate’s Special Committee on Aging, and Senator Claire McCaskill, Democrat of Missouri, the ranking minority member, wrote to the Social Security Administration to express concern. While they understood the rationale for the change, they said, methods for stronger fraud protection “must be considered relative to the needs and circumstances of the target population.”

“The new policy puts a high burden on American seniors, many of whom may not own a cellphone,” they wrote.

On Aug. 13, the Social Security Administration removed the texting requirement and said it planned to introduce alternative authentication options, in addition to texting, within the next six months.

“We regret any inconvenience individuals may have experienced,” the administration’s statement said.

Here are some questions and answers about Social Security benefits:

Should I use the optional text-code feature?

The Social Security Administration’s website “highly” recommends that users who have a text-capable cellphone sign up for the text-verification option. Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, says other methods of multifactor authentication — like smartphone apps that create one-time codes — offer superior protection, but that the text option at least provides some benefit. “Certainly, set it up,” he said. “A little extra security is better than no extra security.”

What if I don’t want to manage my Social Security benefits online?

Even if you don’t expect to be a regular user of a mySocialSecurity account, there may be a benefit to establishing one. Creating an account can help prevent someone from fraudulently creating one with stolen information, because the system allows creation of just one account per Social Security number, says Brian Krebs, a security blogger.

So if you already have an account, a criminal who obtained personal information, like your Social Security number, couldn’t create one to try to steal your benefit payments.

The Social Security Administration offers similar advice.

Can I block all electronic access to my Social Security data?

Yes. The Social Security Administration website notes that victims of identity theft or those who have suffered domestic violence may want to block electronic access to their Social Security record by following steps on the website.

Doing so prevents anyone — including you — from gaining access to your record, both online and through the agency’s automated telephone system.

Advertisement

SKIP ADVERTISEMENT