Access to Social Security online requires text code

Social Security recipients who hold online "my Social Security" accounts will no longer be able to access those accounts unless they have a cellphone with text messaging capabilities under a new agency directive.

The newly mandated policy came in response to efforts to tighten the site's online security and protect user data -- but the measures also prevent account access for those who do not have cellphones or do not wish to turn over their cellphone numbers to the agency.

The agency's new multifactor authentication requires online "my Social Security" account holders to use their cellphones, along with their usernames and passwords, during online registration and for every sign in. Those accessing their accounts online will require use of a security code -- sent by text message to a cellphone -- along with their login credentials to view their accounts.

But for many, namely senior citizens and those without texting capabilities or reliable cell service, this added security could pose problems.

Jessie Gibbons, senior policy analyst for the Senior Citizens League -- a nonpartisan independent citizens action group geared toward educating senior citizens about their rights and protecting their Social Security, Medicare, and veteran or military retiree benefits -- said many senior citizens, especially those who are older, don't have cellphones.

However, Gibbons said, even those who do have cellphones may not have texting plans or may live in areas with unreliable access to cell service, particularly those who live in rural areas.

Under the agency's website page detailing multifactor authentication, the page cites the plan's shortcomings, stating, "We understand the inconvenience the text message solution may cause for some of our customers. We recognize that not every my Social Security account holder may have a cellphone, have consistent cell service in a rural area, or be able to receive a text message."

Gibbons said she had concerns about the new mandate, particularly for those who could lose access to their accounts and those who might have trouble navigating Social Security's phone lines or visiting its offices in person.

According to the National Council of Social Security Management Associations, a Social Security management arm for field offices and teleservice centers, the average wait time for reaching a Social Security representative in 2014 was 31.5 minutes. Still, other offices today, both regional and the national administration's office, can take more than an hour to connect an assistant to a caller.

"Until this is fixed [those senior citizens] are going to lose access to their online account," Gibbons said. "The only other options once their online accounts are taken away is to call the 1-800 number which can take hours and hours to talk to an individual, or traveling to a Social Security office which could be 30 minutes to an hour's drive, or even longer."

Gibbons said one of her biggest concerns was the lack of communication to Social Security's beneficiaries.

"We first found out about it on [July 29] and it went into effect on Monday which was very quick," she said. "I'm sure many senior citizens had no idea until they went to log into their accounts that this was happening."

Above all, Gibbons said, Social Security needs to make other means of account authentication available as soon as possible.

Michael Rowett, spokesman for AARP Arkansas, said the organization supports efforts to protect individuals from identity theft, but also cited concerns about the new policy.

"We are still reviewing this change to fully understand its impact on the many different individuals who want to access information about their Social Security benefits, and are concerned that this change may not accommodate all users," he said.

But the agency's website states that Social Security is limited to text messages for the plan's initial implementation due to "technical and resource constraints." The site also states, "We may consider adding additional options in the future."

According to a blog post listed on its website, Social Security authorities state that the added security measure complies with Executive Order 13681 that requires federal agencies to provide more secure authentication in their online services.

In a blog post Wednesday entitled "New Online Security" by Jim Borland, the agency's assistant deputy commissioner for communications, the agency has offered this layered authentication process as an option since it launched "My Social Security" in May 2012. Today, the authentication is required for all 26 million "my Social Security" users.

Borland's blog post had reached 165 online comments between Wednesday and Thursday afternoon -- nearly all of them opposed to the new policy, calling the authentication a bad policy and out of touch with Social Security's target population.

Many commenters cited not having a cellphone, either because they could not afford one or were hearing impaired, or said they live outside the United States and are unable to receive text messages.

When contacted by the Arkansas Democrat-Gazette by phone, a Social Security representative told a reporter to email questions to the general Social Security media office. The first email response from Sarah Schultz-Lackey, the agency's Dallas regional spokesman, contained responses taken almost verbatim from the administration's website page entitled "More About Multifactor Authentication (MFA)" and a website update posted on Tuesday.

When contacted a second time by phone requesting an over-the-phone interview, a Social Security representative again directed the reporter to email. Schultz-Lackey again responded, writing "While we are not able to accommodate that request, we would be happy to receive any other questions you may have."

When asked again for an interview by phone, Schultz-Lackey replied, "We cannot accommodate your request for an interview."

State Desk on 08/05/2016