Social Security Administration Multifactor Authentication Rollback
One of the issues web sites and service providers have had to grapple with has been security for their users, specially keeping their accounts from being compromised. Requiring complex passwords and other clever mechanisms go a long way in combatting unauthorized access to accounts but another strategy that has been gaining momentum is multifactor authentication (MFA), mainly two-factor authentication.
Two-factor authentication requires the user to use 2 separate mechanisms to prove his identity and access his account. This could be a chip card and a pin number, also known as chip-and-pin to access one's debit account. It could also be a finger print combined with a password and in case of many web sites, it is a user/password combined with an additional one-time password send to the user's phone each time the user needs to login to his account.
This was also the aim of the SSA (Social Security Administration) to strengthen login security for millions of Americans who use the SSA website to access their accounts. my Social Security has included an optional two-factor login for its users since 2012. But in late July the SSA decided to make two-factor authentication mandatory to bolster its login security even further.
The SSA's two-factor security relies on a login user/password as well a one-time password sent to the user's phone using SMS or text messaging. Unfortunately things didn't go as planned with this new change as many people do not have cell phones, or are unable or unwilling to get texting service because of availability or cost.
Thankfully for those people SSA has reversed its decision and for now two-factor authentication is optional again. However users are encouraged to use two-factor authentication to login to my Social Security web site and check their social security accounts.