Last summer, the Social Security Administration announced it would start requiring two-factor authentication via cellphone for its 30 million online account users. The news created an uproar among older recipients who said they didn’t own cellphones. After two weeks the agency said, in effect, never mind.
Fast forward to this summer and the agency is making a second stab at improving online security.
As of June 10, people logging into their online Social Security accounts will need to verify their identity by one of two methods: a code sent to their cellphone or a code sent to their email accounts.
The move is part of a broader government push to ramp up online security amid a number of hacks of government and commercial websites that have compromised the personal information of millions of Americans.
The new system is not expected to be as secure as cellphone-only two-step authentication since many people use the same password for email and other online accounts. If one of those accounts gets hacked, cyber intruders would then be able to access their Social Security account via the victim’s email.
It is, however, one more layer of security. And it can be made even more secure if users use a unique password reserved for email accounts alone, said Stephanie Lucas, a digital media specialist with the Los Angeles office of the law firm Baker & Hostetler.
Your personal account at ssa.gov can be used to check benefits and manage direct deposits to bank accounts, among other things.