[Infowarrior] - Fwd: [IP] Lauren's Blog: "Confirmed and Unacceptable: Social Security Administration Cutting Off Users Who Can't Receive Text Messages"

Richard Forno rforno at infowarrior.org
Fri Jul 29 15:20:05 CDT 2016 

--
It's better to burn out than fade away.


> From: "Dave Farber" <farber at gmail.com>
> 
> Begin forwarded message:
> 
>> From: Lauren Weinstein <lauren at vortex.com <mailto:lauren at vortex.com>>
>> Date: July 29, 2016 at 2:35:40 PM EDT
>> To: nnsquad at nnsquad.org <mailto:nnsquad at nnsquad.org>
>> Subject: [ NNSquad ] Lauren's Blog: "Confirmed and Unacceptable: Social Security Administration Cutting Off Users Who Can't Receive Text Messages"
>> 
>> 
>>                Confirmed and Unacceptable: Social Security Administration 
>>                     Cutting Off Users Who Can't Receive Text Messages
>> 
>> https://lauren.vortex.com/2016/07/ssa-cutting-off-users-who-cant-receive-text-messages <http://postlink.www.listbox.com/2173311/ece433dd026ee5199aa705f654639299/126368/2b613309?uri=aHR0cHM6Ly9sYXVyZW4udm9ydGV4LmNvbS8yMDE2LzA3L3NzYS1jdXR0aW5nLW9mZi11c2Vycy13aG8tY2FudC1yZWNlaXZlLXRleHQtbWVzc2FnZXM>
>> 
>> 
>> If you don't have a cell phone, or some other means to receive SMS
>> text messages (and have them enabled, and know how to deal with them),
>> you won't be able to access your Social Security Administration "My
>> Social Security" online account starting next month.
>> 
>> The SSA is currently sending out emails announcing that SSA online
>> users MUST receive an SMS text message with a two-factor
>> authentication code to access their accounts starting in August.
>> 
>> According to Congressional testimony in May, SSA "expects" to make
>> other two-factor methods available at some point in the future.
>> 
>> While the "expectation" of additional two-factor options at some
>> unspecified time down the line is interesting, the move to now block
>> users who do not have cell phones, or text message capable cell
>> phones, or do not have text messaging enabled, or do not know how to
>> access and read text messages -- IS UNACCEPTABLE, especially on such
>> short notice to SSA users.
>> 
>> Two-factor authentication systems are very important, but keep in mind
>> that SSA by definition is dealing mostly with older users who may have
>> only recently become comfortable with online services at all, and may
>> not make any use of text messaging. Many do not have cell phones or
>> somebody to receive text messages for them.
>> 
>> Additionally -- and ironically -- text messaging is considered to be a
>> substandard means of receiving two-factor authentications. And -- get
>> this boys and girls -- NIST (the USA's National Institute of Standards
>> and Technology) -- just a few days ago officially declared that text
>> messaging based two-factor should no longer be used at all -- it's
>> simply not safe and secure.
>> 
>> It appears that SSA has really mucked this one up. This isn't secure
>> two-factor, it's a three-ring circus. And it's going to leave many SSA
>> users out in the cold.
>> 
>> --Lauren--
>> Lauren Weinstein 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://attrition.org/mailman/private/infowarrior/attachments/20160729/d5b21447/attachment-0001.html>

More information about the Infowarrior mailing list