Entering a username and a password on a website is no longer considered an adequate measure to protect people from identity theft. The login information is stored in databases that can and sometimes are hacked and sold to thieves.
Since many people commonly use the same login information for multiple websites, a hack of one website also allows thieves to access many more websites. This has created problems for financial institutions that seek to protect their customers’ accounts. The response has been to add extra layers of security requirements to access the accounts.
The Social Security Administration recently did so, but after less than a month it is temporarily suspending the new requirement as ABC News reports in “Social Security Rolls Back Security Measures on Website.”
The requirement Social Security chose is a common one for many banks and other financial institutions. In addition to entering a username and password, website users are also required to enter a one-time code to access their accounts. The codes are sent to users via a text message on a phone previously verified to be the account holder’s. The codes normally expire after a short time.
While this has proven to be a good security measure, it is easy to see how it might not work well for everyone who wants to access their Social Security account online. People who do not have cell phones or who have trouble reading text messages would obviously have difficulty.
Social Security website users who still wish to have the extra layer of security may opt-in to the option for now. No announcement has been made if the requirement will come back in the future or if the Social Security Administration will try a different security option.
Reference: ABC News (Aug. 23, 2016) “Social Security Rolls Back Security Measures on Website.”