Since the original thread on this subject has dropped way down I'm copying information here for any that may have missed it. (emphasis added by me)
From: https://www.ssa.gov/myaccount/MoreInformationAboutMFA.html
More About Multifactor Authentication (MFA)
Beginning in August, the Social Security Administration (SSA) will add an extra layer of security for our customers when they interact with us online using the my Social Security suite of services. my Social Security account holders will be required to use their cell phone, in addition to their username and password, as an additional authentication factor during online registration and every sign in.
We are implementing multifactor authentication (MFA) to comply with Executive Order 13681, which requires federal agencies to provide more secure authentication for their online services. We are committed to using the best technologies and standards available to protect our customers’ data. MFA is just one of the ways we ensure the safety and security of the resources entrusted to us. Since we launched my Social Security in May 2012, we have provided this added security of MFA as an option to our customers.
All new and current my Social Security account holders will need to provide a cell phone number able to receive text messages. People will not be able to access their personal my Social Security account if they do not have a cell phone or do not wish to provide the cell phone number. We expect to provide additional options in the future, dependent upon requirements of national guidelines currently being revised.
Account holders will use their username, password, and a security code we send to the cell phone number to access their personal my Social Security account. The use of a text message security code is common with many institutions. Also, the security code we send to my Social Security account holders is only valid for 10 minutes, providing additional security to our customers.
Our collection of the cell phone number is only for the purpose of sending the security code to help complete the sign-up or sign-in. We will not share your cell phone number, nor will we use it for any other purpose unless you explicitly authorize such use. We understand that not everyone may have a cell phone or wish to share their cell phone number. You may be wondering why we are using the text message method. We implemented the text message feature for very important reasons:
- The text message option has been a feature in my Social Security since its launch in May 2012. Making this functionality mandatory allows us to comply with the executive order and use a reliable method of MFA for our almost 26 million current account holders.
- We are limited to text messages for the initial MFA implementation due to technical and resource constraints, but we expect to provide additional options in the future.
- We understand that not everyone may have a cell phone or cell service. However, research shows that an overwhelming majority of American adults have cell phones and use them for texting. This is our first step in adding security, and we expect future enhancements will provide other options.
We encourage our customers who will not be able to access their personal my Social Security account without a cell phone to visit our website at www.socialsecurity.gov/agency/contact to learn about other ways to contact us to access their benefits information.
Our decision to use the text message feature to comply with the executive order helps protect our customers’ personal information. SSA is committed to providing our customers with convenient and secure online access to their personal information, helping secure today and tomorrow for our customers.
What is good for the goose today will also be good for the gander tomorrow.
Blogs & Forums
Forums
Blogs
