Digital Gov

Social Security rolls back two-factor mandate

Shutterstock image. Copyright: Dgrilla.

The Social Security Administration is relaxing a recent security directive requiring beneficiaries to use two-factor authentication to log into personal accounts after complaints that the new restrictions hindered user access.

The agency had established a policy of requiring My Social Security account holders to confirm their identities via a text-enabled mobile device. The move was in keeping with an executive order on improving security in consumer financial transactions. The policy, announced July 30, met with complaints from users. Sen. Jeff Merkley (D-Ore.) complained to SSA Commissioner Carolyn Colvin that the policy could limit account access by beneficiaries.

"As many Americans, especially older Americans, do not have a text-enabled cell phone or may be unable to use text messaging, I respectfully ask that the Social Security Administration develop and implement alternative multi-factor authentication methods," he wrote.

Merkley cited Pew data that indicated that just 35 percent of Americans over the age of 65 use text messaging. "With the majority of individuals at or above Social Security retirement benefit age not equipped to text, developing alternative multi-factor authentication methods is crucial to ensuring that all recipients have equal access to their My Social Security accounts," Merkley wrote.

SSA has not come up with a new two-factor verification method. The agency is strongly recommending that users take advantage of the text-message security option, but beneficiaries are able once again to use a simple username and password to access their accounts.

Merkley welcomed the change. "Seniors need improved access to their benefits, not technology-based roadblocks," he said in a statement.

The My Social Security account is a potentially inviting target for hackers and fraudsters. Users can use the accounts to request new Social Security cards, set up direct deposit of benefit payments and change their address for benefit payments and statements.

The lack of a viable two-factor authentication method that is senior-friendly highlights the potential pitfalls of not having a national digital identifier for citizens to transact government business. The United Kingdom took its government digital ID out of beta in May.

In the U.S. it is a different story. Currently 18F, the digital consulting shop at the General Services Administration, has ownership of a plan to build a shared login platform for accessing government services. Before that, agencies were working on their own systems and a centralized effort by the National Strategy for Trusted Identities in Cyberspace, housed at the National Institute for Standards and Technology, focused on giving grants to private sector and academic pilot projects to improve digital authentication.

Former NSTIC chief Jeremy Grant told FCW this May that, "In the U.S., while the White House indicated that all agencies should use the shared service, there have not been any real consequences for agencies that go their own way."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected