Ssdfacts We Cannot Process Your Request at This Time. Please Try Again Later.
The U.S. Social Security Administration announced last week that it volition at present require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does footling to forbid identity thieves from fraudulentlycreating online accounts to siphon benefits from Americans who haven't however created accounts for themselves.
The SSA said all new and existing 'my Social Security' business relationship holders will need to provide a jail cell phone number. The agency said it will employ the mobile numbers to ship users an eight-digit code via text message that needs to exist entered forth with a username and countersign to log in to the site.
The SSA noted it was making the alter to comply with an executive order for federal agencies to provide more secure hallmark for their online services.
"People will not be able to access their personal my Social Security business relationship if they do not accept a cell phone or do not wish to provide the prison cell phone number," the agency said. "The purpose of providing your cell phone number is that, each time you lot log in to your business relationship with your username and password, we will transport you a onetime security lawmaking yous must also enter to log in successfully to your account. We expect to provide additional options in the future, dependent upon requirements of national guidelines currently being revised."
Although the SSA's policy modify provides additional proof that the person signing in is the same individual who established multi-factor hallmark in the the first place, information technology does not appear to provide any boosted proof that the person creating an account at ssa.gov is who they say they are.
The SSA does offer other "extra security" options, such equally the sending users a special code via the U.S. Post that has to exist entered on the bureau'southward site to complete the signup process. If you lot choose to enable extra security, the SSA will then ask y'all for:
- The last eight digits of your Visa, MasterCard, or Detect credit card;
- Information from your W2 tax form;
- Information from a 1040 Schedule SE (self-employment) taxation form; or
- Your directly deposit amount, if you receive Social Security benefits.
Sadly, it is still relatively easy for thieves to create an account in the name of Americans who have not already created one for themselves. All one would demand is the target's proper name, date of nascence, Social Security number, residential accost, and phone number. This personal data can exist bought for roughly $three-$4 from a variety of cybercrime shops online.
After that, the SSA relays four multiple-guess, and then-called "knowledge-based authentication" or KBA questions from credit bureauEquifax. In practice, many of these KBA questions — such every bit previous accost, loan amounts and dates — can be successfully enumerated with random guessing. What'southward more, very often the answers to these questions can be institute by consulting costless online services, such as Zillow and Facebook.
In September 2013, I warned that SSA and financial institutions were tracking a rise in cases wherein identity thieves annals an business relationship at the SSA's portal using a retiree's personal information and accept the victim'southward benefits diverted to prepaid debit cards that the crooks control. Unfortunately, because the SSA's new security features are optional, they do little to block crooks from hijacking SSA benefit payments from retirees.
Considering it's possible to create simply ane my Social Security account per Social Security number, registering an account on the portal is one basic way that Americans tin can avoid condign victims of this scam.
To recap: In one case you establish and verify your account and start getting texted codes to login, from then on you lot will be more secure. If you have non signed up already, these new security options do not make it whatsoever more hard for someone else to sign up as you.
Because that many senior citizens are notwithstanding wary of text messages and probable have never sent or received 1, it's not articulate that these optional security measures will become over well. I would like to come across the SSA make it mandatory to receive a one-fourth dimension code via the U.S. Mail to finalize the creation of all new accounts, whether or not users opt for "extra security." Perhaps the agency volition require this in the future, just it's mystifying to me why it doesn't already do this by default.
In addition to the SSA'due south optional security measures, Americans can farther block ID thieves by placing a security freeze on their credit files with the major credit bureaus. Readers who take taken my incessant advice to freeze their credit will need to temporarily thaw the freeze in order to complete the procedure of creating an account at ssa.gov. Looked at another way, having a freeze in place blocks ID thieves from fraudulently creating an account in your proper noun and potentially diverting your government benefits.
Alternatively, citizens can cake online access to their Social Security account. Instructions for doing that are here.
The SSA's new text messaging system is manifestly experiencing some technical difficulties at the moment, at least for Verizon Wireless customers. The SSA posted this message on its site over the weekend: "Nosotros are working to fix a problem that is preventing Verizon wireless customers from receiving the jail cell phone security code. Verizon wireless customers are unable to access their personal my Social Securitybusiness relationship at this time."
Update, i:00 p.m. ET: For the record, I requested annotate from the SSA virtually why they did not patently contact all users past U.Due south. mail to verify their identities. I received the following response:
"The Social Security Administration protects the data entrusted to us and has strengthened the online registration process past making identity verification and hallmark more stringent. We cannot provide more details publicly every bit we don't desire to draw a roadmap for criminals."
Also, every bit one reader already pointed out in the comments below, the SSA's adoption of 2-factor SMS hallmark comes as the National Institute for Standards and Applied science (NIST) released a draft of new authentication guidelines that appear to exist phasing out the use of SMS-based two-factor authentication.
Update, Aug. 11, 2016: A source who helped me test some things for this story by signing up at the SSA'southward portal said he received a snail postal service letter the other day notifying him that someone signed up an account in his proper noun online. Then, the SSA is mailing messages if you sign upwardly online, but they don't take that opportunity to deliver a special code to securely complete the sign up. Become figure.
Source: https://krebsonsecurity.com/2016/08/social-security-administration-now-requires-two-factor-authentication/comment-page-1/
0 Response to "Ssdfacts We Cannot Process Your Request at This Time. Please Try Again Later."
Publicar un comentario