Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a “security” code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.
More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors’ accounts might easily be less secure now than they were before 1 August… This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA. In addition, Krebs on Security reports that the new system “does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are” and “does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves.” Users are only more secure after they create an account on the social security site — and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.
Read more of this story at Slashdot.