August 06, 2016

"The SSA’s adoption of 2-factor SMS authentication comes as the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication."

Krebs on Security: The U.S. Social Security Administration announced last week that it will now require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. by Brian Krebs

'Unfortunately, the new security measure does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves.

'The SSA said all new and existing my Social Security account holders will need to provide a cell phone number. The agency said it will use the mobile numbers to send users an 8-digit code via text message that needs to be entered along with a username and password to log in to the site.

'The SSA noted it was making the change to comply with an executive order for federal agencies to provide more secure authentication for their online services.'

No comments: