Personal Finance

How Social Security website may be locking out people it aims to protect


A new requirement by the Social Security Administration to improve website security may actually keep out the very people it is trying to protect.

Since Sunday Social Security is requiring users to type in a security code sent by a text message to a cellphone, in addition to user name and password, when they log into a “my Social Security” account. But, reports Money magazine and others, that’s a problem for people who don’t have a cellphone or even reliable cell service or text-enabled phones.

What’s more, on its first full day of use, Verizon Wireless customers weren’t receiving those security codes and therefore couldn’t access their Social Security accounts. The agency fixed the problem by Tuesday, saying it was due to heavy traffic on the website.

Jessie Gibbons, senior policy analyst for the Senior Citizens League, told Money that the group supported strong online security but wanted “alternate means” so beneficiaries without cellphones or reliable cell service wouldn’t lose access to their online accounts. “We’re concerned that the abrupt change will cause a lot of confusion and frustration among older Americans, many of whom don’t have reliable access to text-enabled cellphones,” she said.

Requiring a second step to sign in, or “multifactor authentication,” is used by many financial institutions and other organizations to limit unauthorized access and protect users. Social Security noted that it added this extra authentication to comply with an executive order that requires federal agencies to beef up online security.

The agency acknowledged this could be a hardship for some. “We understand that not everyone has a cellphone or cell service,” said Roxanne Williamson, a Social Security spokeswoman. “This is our first step in adding security, and we expect future enhancements will provide other options.”

Will the added security work? Some were skeptical, according to Money, which quoted cybersecurity specialist Brian Krebs as saying it “does little to prevent identity thieves.” However, registering an account on the portal can ensure that American avoid future identity scams.