Saturday, August 6, 2016

My Social Security is Less Secure - NIST Says So - updated

    The Social Security Administration (SSA) changed its position concerning MFV several times in the previous year. They now insist on a method consisting of a password and a directly distributed code for me to log in to my account.
     SSA now has a mandatory requirement that recipients must have a phone capable of receiving texts to be able to log into their accounts. The alternative is that SSA will email the account holder a login code.
     Of course, the assumption is that the account holder actually has full-time possession of their phone or sole access to their email-receiving device. How many times have you left your phone to charge in one room, while going to another on business?
     SSA does not provide Multi-Factor Verification, merely 2-Factor Authentication (2FA), which will not prevent accounts from being hacked.
     It does not stop there: SSA also requires one to change the password to My Social Security twice a year. However, they only remind folks about their account and where to view it once a year.
     The new password rules from the National Institute of Standards and Technology indicate that requiring an account holder to change their password periodically is a dangerous security protocol.