Well, that didn't last long. On July 30, 2016, the Social Security Administration began requiring new and current Social Security account holders to sign into their account using a one-time code text message as an extra measure on online security. Two-weeks later, the agency reversed itself.
The SSA's stepped-up security measure caught online account holders and senior advocacy groups by surprise and encountered
technical problems from the start.
“Our aggressive implementation inconvenienced or restricted access to some of our account holders,” Social Security press office spokesperson Dorothy Clark said via email.
“We are listening to the public's concerns and are responding by temporarily rolling back this mandate,” Ms. Clark wrote. “We regret any inconvenience individuals may have experienced.”
It's ironic that the recall occurred the day after the agency's 81st anniversary. It just goes to show how challenging it can be to adapt a 20th century program that serves a primarily older audience to the evolving security needs of 21st century technology. But hats off to the agency for responding to public concerns so quickly. When was the last time you received an apology note from the IRS?
“As before July 30, current account holders will be able to access their secure account using only their username and password,” Ms. Clark explained. “We highly recommend the extra security text message option, but it will not be required,” she added. “We are developing an alternative authentication option in addition to text messaging that we will implement within the next six months.”
Ms. Clark urged all eligible Americans to create an online Social Security account as a way to prevent identify theft. To create an online account, an individual must be at least 18 years old, have a Social Security number, a valid e-mail address and a U.S. mailing address. You can only create an account using your own personal information. You cannot create an account for someone else, even if you have that person's written permission.
“If a person already has an account, a fraudulent attempt to create an account would be unsuccessful,” Ms. Clark said. “The mySocialSecurity service has always had a robust verification and authentication process and it remains safe and secure.”
The agency's reversal was in response to concerns such as those expressed by The National Committee to Preserve Social Security & Medicare. Its president Max Richtman wrote to acting Social Security commissioner Carolyn Colvin last week on behalf of the 26 million individuals who have already set up online mySocialSecurity accounts.
“These accounts have become a vitally important avenue of service delivery that enable account holders to change their address and direct deposit information, get verification of their benefits and obtain a copy of their Social Security Statements,” Mr. Richtman wrote. “They also take the pressure off local Social Security offices which are already stretched to the limit with workloads that require face-to-face contact.”
“Unfortunately, not all of America's seniors have cell phones that are capable of receiving text messages and we are concerned that the new authentication requirement will remain that millions of American will find themselves cut off from this convenient avenue of service delivery,” Mr. Richtman said.
Jessie Gibbons, a senior policy analyst with The Senior Citizens League, expressed similar concerns. “As many as 75% of people age 65 and older do not have access to text-enabled cell phones or reliable access to cell phone service,” Mr. Gibbons said. “TSCL values strong online security and we believe the administration made the right decision to rescind their new cell phone texting requirement while they continue to pursue more options.”
Mr. Richtman suggested one of those options would be to send an authentication code to account holders via email. Stay tuned for further developments.
(Questions about new Social Security rules? Find the answers in my new ebook.)
Mary Beth Franklin is a certified financial planner.