Close Close

Retirement Planning > Social Security

Social Security Pulls Back on Requiring Two-Factor Authentication

Your article was successfully shared with the contacts you provided.

For a brief period, Social Security began requiring account holders on its My Social Security system to sign in using a onetime code sent via text message.

The security measure referred to as multi-factor authentication requires more than a username and password to access information. While the security feature has always been available to account holders, the decision to mandate the second layer of security was an attempt to comply with President Barack Obama’s executive order Improving the Security of Consumer Financial Transactions.

However, the mandated security measure was short-lived, lasting from its July 30 implementation to Aug. 15.

“Our aggressive implementation inconvenienced or restricted access to some of our account holders,” Social Security Administration spokeswoman Nicole Tiggemann said in a statement. “ We are listening to the public’s concerns and are responding by temporarily rolling back this mandate.”

In addition to the public’s concerns were urgings from several Congress members.

Sens. Susan Collins, R-Maine, and Claire McCaskill, D-Mo., the chairwoman and ranking member of the Senate aging committee, sent a letter to Social Security Administration Acting Commissioner Carolyn Colvin calling on the agency to “consider the effect of this policy on the beneficiaries SSA is intended to serve” and ask “that [they] provide, as quickly as possible, additional authentication options” to “allow all seniors to have safe and speedy access to their own accounts.”

Sen. Jeff Merkley, D-Ore., also wrote a letter to the commissioner asking for the SSA to develop and implement alternative multi-factor authentication methods.

“Providing only one method of authentication places an undue burden on recipients who may be unfamiliar with text messaging, may not have a text-enabled phone, or are unable to use text messaging due to disability,” Merkley wrote.

While the share of adults overall who own a cell phone or smart phone has risen dramatically – 65% of Americans owned a mobile phone in 2004 compared with 92% in 2015 and 35% of adults had smartphones in mid-2011 compared with 68% in 2015 – mobile phone usage by older adults is still lagging.

According to Pew Research Center data from 2015, 78% of Americans age 65 and older own a cell phone and 30% of Americans age 65 and older own a smart phone.

Following the SSA’s decision to roll back the  multi-factor authentication requirement, Collins said she was pleased that the SSA listened to the concerns raised in her letter.

“As chairman of the Senate aging committee, I was troubled that the policy would have placed a high burden on seniors, many of whom do not own a cell phone,” she said in a statement. “While the Social Security Administration should develop ways to enhance security to prevent fraud, they must take into account the needs of seniors and ensure that they have easy access to their accounts.”

The Senior Citizens League also publicly expressed concerns about the SSA’s mandated security policy – and relief once it rolled backed the policy.

“Funding concerns are one of the key reasons [The Senior Citizens League] is relieved [SSA] has decided to remove the text requirement from the login process,” the seniors group said in a blog post. “Without online access, more seniors than ever would have been relying on their local Social Security offices, and understaffed offices would surely have been overwhelmed with requests.”

According to The Senior Citizens League, lawmakers in the House have proposed more than $700 million less than the amount requested by the SSA for administrative duties.

The SSA has said that if budget proposals before Congress were to take effect, they would be forced to implement immediate furloughs, hiring freezes and temporary office closures.