Organize Your Social Security Account Securely with Multi-Factor Authentication

Posted on: August 4th, 2016 by Julie Bestry | No Comments

A few years ago, we discussed how Social Security replaced the annual paper statements (for individuals under age 60) with an online system called My Social Security, and I explained the steps for registering for an account. (Officially, it appears everywhere as “my Social Security,” complete with the italicized, lowercase “my” and color-coding, which Paper Doll finds frustrating and will not emulate, but let’s stay on point.)

In step #8 of the Paper Doll’s 16 Ways to Organize Your Money in 2016, I reminded you of the importance of registering for your My Social Security account.

MySocialSecurity

My Social Security is similar to your IRA, 401(K), and other retirement-related websites, in that it provides essential information for planning your retirement. At the website, you can see your estimated benefits if you were to retire early (at age 62), at your full retirement age (for Paper Doll, that’s 67) or later, at age 70. You also have the opportunity to view your complete earnings record (and taxes paid for both Social Security and Medicare purposes), back to the first time you filed your taxes. For example, my record begins in 1984.

In addition to providing comforting figures (or spurring you to improve your retirement-related investment habits), the My Social Security online account gives you other opportunities. You can:

  • Provide eligibility proof (for yourself or your family) that you have qualified to receive Medicare, disability, retirement, or related benefits.
  • Identify under-reporting errors, generally caused when an employer neglects to provide an accurate 1099 to the IRS.
  • Identify over-reporting errors, which most often happens when you’re a victim of identity theft. If someone fraudulently uses your Social Security number when applying for a job (which they would be unable to get under their own name and number), that income can be erroneously applied to your Social Security record.

SocSecBanner

Starting this month, as the result of an executive order for all federal agencies to provide more secure authentication for their online services, the Social Security Administration is creating an additional level of security to protect users’ privacy. Social Security, like other agencies that that provides online access to its customer’s personal information, will be using multi-factor authentication. That’s a fancy way of saying Social Security will be using more than one method to make sure you are really you.

It also means that you’ll have to do a little more to prove that you are you. Annoying? Well, wouldn’t it be more annoying to have someone fraudulently log into your Social Security account?

Effective immediately, when you sign into your Social Security account at ssa.gov/myaccount, you will still use your username and password, as always. However, the site will then ask you to add your text-enabled cell phone number. From then on, every time you log into your Social Security account, the system will text you a one-time security code you will then enter on-screen before you can successfully complete your log-in.

So, if you already have a My Social Security account, you can go test it out:

Step 1: Sign in with your username and password. (Remember, Social Security makes you change your password every 6 months, so be prepared to make note of your new password somewhere secure, like your password notebook or password app, and not on a sticky note next to the computer!)

Step 2: Get a text message from Social Security. It won’t say it’s coming from Social Security — there will just be a phone number and a one-time security code.

SocSecText

Step 3: Submit the security code by entering the code from the text into the field on the screen and hit “submit.”

That’s it! Because I had my phone next to the computer, the whole process took about six seconds. If you have to go hunting around your home or office for your phone, it might take a few extra minutes. Still, pretty easy for helping protect your data, eh?

There are some potential downsides to this plan, of course.

You have to have a text-enabled cell phone. If your first reaction is, “That’s silly. EVERYONE has texting!” then you’re probably younger, have some form of disposable income, and are used to texting. But not everyone has texting. Until mere months ago, Paper Doll enjoyed the gentle chiding of colleagues over this very issue.

perry-rotary-phone

Yes, it’s true, I had a flip phone and a 2000-era legacy account for 300 minutes for $30/month. I didn’t text because it’s nearly impossible to text out on a dumb-phone, and I froze texting on my plan so I wouldn’t be charged for incoming spam calls and wrong numbers. However, because texting has “almost zero marginal cost” for service providers, the advent of unlimited talk-and-texting plans means that upwards of 88% of Americans have access to unlimited texting.

If you don’t have an unlimited plan, your cell phone provider’s text message (and possibly data) rates may apply.

You have to be willing to provide your cell phone number to the Social Security Administration. But y’know, they have your address, they have access to all your tax returns, and they know how much money you make and will get back. Unlike your favorite coffee bar or fast food place, they probably won’t be tempted to sell your cell phone number to other marketers. I can’t be certain, but I think your cell phone number is pretty safe with Social Security.

So, from now on, if you want to be able to log into your account, you’ll have to be willing to adhere to two-factor/multi-factor authentication, and not only know your user name and password (which, again, Social Security makes you change every six months), but you’ll have to have your cell phone nearby so that when you log in, you can pause for a few seconds and type in that special code.

If you don’t have a text-enabled cell phone [note: it doesn’t have to be a smart phone] or you don’t want to give up your digits, you won’t be able to access your Social Security account. That doesn’t mean you’re out of luck — you’ll just have to contact Social Security “Old School” by phone, US Mail, in person, or by email.

Multi-factor authentication isn’t the wave of the future; it’s the wave of the present. My bank just upgraded its online app, and I went through the same process to prove my identity. The bank also gave me the option of using my thumb or fingerprint to log into my account. I have no doubt that future options will include voice authentication or retinal scans — perhaps psychic readings, someday! The point is, the safer your information is, the safer your financial future is, and isn’t that a goal of a more organized life?

Leave a Reply