Social Security Administration Now Requires Two-Factor Authentication

With tax fraud becoming a top choice among scammers, the U.S. Social Security Administration is aiming to beef up its security by embracing two-factor authentication for anyone who wishes to use the government agency’s online services.

Last week, the Social Security Administration said visitors to the website that want to manage their retirement benefits have to do more than provide their login and password; they will also have to provide a mobile phone number. In order to access the services, accountholders will have to provide a cell phone and will then receive an eight-digit code through a text message that has to be entered with the username and password to access the account. The Social Security Administration said the changes were due to an executive order for all federal agencies to beef up their authentication for accessing services on the internet.

“People will not be able to access their personal my Social Security account if they do not have a cell phone or do not wish to provide the cell phone number,” the Social Security Administration said, according to Krebs on Security. “The purpose of providing your cell phone number is that, each time you log into your account with your username and password, we will send you a one-time security code you must also enter to log in successfully to your account. We expect to provide additional options in the future, dependent upon requirements of national guidelines currently being revised.”

The Social Security Administration said the cell phone number is only for sending the security code and won’t be shared or used for any other purpose. And while the administration acknowledges not everyone has a mobile phone, it said it implemented the two-factor authentication with cellphones because technical and resource constraints precluded them from rolling out other ways in the first phase and that research shows an overwhelming majority of Americans have cell phones and use them for texting.