The Social Security Administration recently announced that beginning June 10, two-factor authentication will be required for all account holders logging into the “My Social Security” portal.
To comply with this new rule, account holders will be required to provide their username and password, and either their cell phone number or email address as the second identification method. After providing their cell phone or email address, the account holder will be sent a time-sensitive passcode to authenticate his or her identity.
This is the Social Security Administration’s second attempt at implementing two-factor authentication. In 2014, an Obama administration executive order mandated improved security for consumers regarding financial transactions, and remediation for victims of identity theft. Based on this executive order, in July 2016, the Social Security Administration announced the requirement of two-factor authentication for the account holder portal through the transmission of one-time passcodes via SMS text messages to the account holder’s cell phone. This method was widely criticized because many of the account holders were senior citizens who did not have access to a cell phone and therefore lacked the ability to use two-factor authentication for their account. Continue Reading