In our work as estate planning attorneys in Corona, we have heard from a number of senior citizens who have had the unfortunate experience of having to deal with fraud or identity theft. A recent rash of hackers accessing private information through both government and commercial websites has sparked a renewed interest in cyber security. SSA.gov, the official website of the Social Security Administration (SSA), has just added a two-step authentication process in an effort to better protect the benefits and sensitive information of social security recipients. This change went in to effect this past weekend, on June 10, 2017.
The process works by sending a code to either a user’s cell phone, or their email whenever an effort is made to access their Social Security online account. This code must then be entered on SSA.gov before any sensitive information is displayed. It is hoped that this extra layer of security will prevent data from becoming compromised even if a password is discovered by an unauthorized third party.
This is a modified version of a cyber security plan that the SSA proposed last summer, in which cell phones were the only mechanism to receive the code required to access the site. Many elderly beneficiaries opposed this system, as they claimed not to own a cell phone and would therefore be effectively locked out of their account if one was required to access it. Some may have had the option of using a relative’s phone, but that person may not have always been available when needed. The agency scrapped the plan approximately two weeks after it was announced due to this opposition.
Adding email as an option ensures seniors and others without a cell phone will be able to access their accounts, but it does have some significant drawbacks. Many individuals use the same passwords across multiple online accounts, enabling a hacker who discovered one to correctly guess the email password and access sensitive information despite the new verification process. The best way to combat this flaw is to use an email account with a password that is not shared with anything else, according to Baker & Hostetler digital media specialist Stephanie Lucas. The new verification process is also better than nothing even if it is not quite as secure as the SSA’s original proposal.
While some individuals do not have a cell phone or a computer, it is unlikely that they signed up for an SSA.gov account in the first place. SSA.gov makes it more convenient for recipients to access their benefit information and manage the bank account(s) it is deposited into, among other things. Registering for an account is not mandatory to receive benefits. This security measure will only impact the roughly 30 million social security recipients who previously registered for an online account, so there will be no change for those who still call the agency to make any changes or requests.
It is encouraging to see the SSA take an active role in protecting the identity of beneficiaries, but individuals should still be careful who they share sensitive information with. Prevention is always much more effective than trying to rectify a problem after the fact in matters of identity theft.