SAN FRANCISCO (CBS SF) — Companies requiring users to provide an extra security code — usually sent to a cell phone — in order to access accounts is causing some confusion.
John Mortimer was skeptical when he got an email about his Social Security benefits.
“I thought it was a scam. I thought it was clickbait,” said Mortimer. “Something about a one-time only text code.”
The message states Social Security had added the requirement that people to enter a code sent via text message every time they want to sign-into their online accounts.
“It just seemed all wrong to me,” said Mortimer. “How did they even know I had a smart phone?”
But the email was legit.
Citing an executive order to make online services more secure, the Social Security Administration instituted multifactor authentication.
In addition to a log-in and password, the new security measure also required users enter a text code.
The problem is not all seniors have a text-enabled cell phone.
“I think where the cart got before the horse is when they made it mandatory,” computer security specialist Ronald Nutter told KPIX 5.
Nutter points out that requiring an extra method of verification — either through an app or text message — is the new online security standard.
For example, if you forget your password, many companies will text or email you a code to reset it.
That poses a problem for many Social Security recipients.
“70 to 80 percent of the people who get on the Social Security site don’t have a smart phone and wouldn’t know how to set up two factor authentication.”
That was a factor the feds apparently didn’t anticipate. Once they realized the issue, officials temporarily rolled back the text message requirement.
Officials admitted it “inconvenienced or restricted access to some of our account holders.”
While future generations of Social Security recipients may be more likely to embrace the technology, many like Mortimer are happy to hear, they wont have to just yet.
“Obviously I was right!” exclaimed Mortimer. A lot of people didn’t like it either! ”
While many are applauding the agency for attempting to increase security, the National Institute of Standards and Technology recently recommended government agencies move away from using text messages for multi-factor authentication, citing security concerns since texts can be intercepted.
The SSA says it is currently developing an “alternative authentication option.”