And Just Whose Bright Idea Was This? August 7, 2016Posted by Peter Varhol in Software platforms, Technology and Culture.
Tags: Social Security
Brilliant! What more can be said here? The Social Security Administration (they have their own exit ramp, off of Interstate 695 west of Baltimore) were under a mandate to improve security.
Okay, I get that, but their solution was to implement two-factor security using a challenge-response based on a phone text code. This is the only way you can access your account online.
This is where this seriously goes off the rails. It requires a mobile phone capable of sending and receiving texts. According to a recent study by the Pew Research Center, 92 percent of adult Americans have cell phones (whether or not they text is a different story), but only 78 percent of seniors, who might be most interested
The Social Security Administration recognizes that not everyone has a cell phone, but claimed not to be able to implement any other solution.
Um, no. My primary (maybe) bank, Bank of America, does a challenge-response access. You type in your account name, it comes back with a glyph that you have chosen to represent you with the bank. The purpose of the glyph is to assure you that you haven’t been redirected to a bogus site that wants to phish for your passwords and financial information. Only after you have verified that the glyph is yours do you enter your password. That approach is ultimately simpler than the text-based security system.
You may not have a cell phone for a variety of reasons, including no reception in your area (many rural areas of the US lack widespread cellular service). Probably those who grew up with landlines may feel less a need to carry a phone around with them, which also speaks of an older generation.
I don’t believe that the Social Security Administration was limited to a text-based security solution. On the surface, this seems to be yet another example of government not serving its constituents, because they don’t have to.