Dive Brief:
- The U.S. Social Security Administration announced it will now require two-factor authentication for people who choose to manage their retirement benefits at ssa.gov, according to KrebsOnSecurity.
- The agency will now require a mobile phone number from users. It will then text an 8-digit code that users will need to log in to the site.
- The SSA said it made the change to meet the terms of an executive order requiring federal agencies to provide more secure online services.
Dive Insight:
While the new measure is helpful, it unfortunately does nothing to prevent identity thieves from creating online accounts for people who haven’t yet created accounts for themselves, something the thieves can easily do by registering for an account with a valid Social Security number. In recent years, the SSA and financial institutions saw numerous cases where identity thieves redirected benefits to prepaid debit cards that the criminals control.
The SSA said it does offer additional security options, though they are not as intuitive.
U.S. federal, state and local government agencies rank lowest in cybersecurity when compared to the private sector, according to a report released in April by security risk benchmarking startup SecurityScorecard.