Here we go again. The Social Security Administration announced that, beginning June 10, users of the agency's online services will need a one-time code to log into My Social Security accounts, which provide access to personal benefit estimates and lifelong earnings records.
The agency's previous attempt to institute enhanced online security last year was short lived.
On July 30, 2016, the Social Security Administration (SSA) began requiring new and current Social Security account holders to sign into their account using a one-time code text message as an extra measure of online security. Two weeks later, the agency reversed itself in response to public outcry from senior advocacy groups and some members of Congress who noted that many seniors do not have cell phones or live in rural areas without reliable cell phone service.
"Online security is vital, but we feel alternate options should be offered," said Mary Johnson, a policy consultant with the Senior Citizens League advocacy group in Alexandria, Va., when the original security enhances were announced last year.
It looks like SSA was listening.
"Beginning June 10, 2017, we will use a second method to check the identification of My Social Security account holders," the agency said in a notice posted on its website. "You can choose either your cell phone or your email address as your second identification method."
"Using two ways to identify you when you log on will help better protect your account from unauthorized use and potential identify fraud," the notice explained.
The enhanced online security requirements are certainly timely, considering the worldwide cyberattack last week that infected computer systems in dozens of countries and crippled the hospital computer systems in Great Britain, trains in Germany and telephone service in Spain.
But some cybersecurity experts questions whether Social Security's new authentication process goes far enough.
"The Social Security Administration is implementing additional authentication steps, arguing that these steps will make the authentication stronger and help SSA 'protect what is important to you,'" Phil Dunkelberger, chief executive officer of Nok Nok Labs said in a statement. "They have come to the realization that a simple username and password is not sufficient to protect the retirement assets of millions of Americans. But the SSA seems to be missing the lessons learned from other federal organizations and our allies."
While the one-time code sent to a cell phone or email address may not be as sophisticated as some cybersecurity experts would like, it is a step in the right direction. In fact, merely establishing a personal online Social Security account is critical to prevent identity thieves from setting up unauthorized accounts. Only one account per Social Security number is permitted. So, if you set one up for yourself, the bad guys can't do it, thwarting them from possibly applying for and stealing your benefits.
Establishing an online account is also inevitable. The SSA announced in January 2017 that it will stop mailing estimated benefit statements to most American workers — again — in a cost-saving move that is expected to save about $11 million per year. Paper statements will now be sent only to people who are 60 or older who have not yet established online accounts with the agency and who are not yet receiving Social Security benefits.
SSA began mailing annual benefit statements to workers age 25 and older in 1999. Since then, the statements have become an essential part of financial planning, supplying critical information about future retirement income and serving as a stark reminder of the need for personal savings to supplement those benefits.
In mid-2011, the agency announced — for the first time — that it would stop mailing annual benefit statements as a cost-saving measure. But in response to congressional pressure, they were restored in 2014. Personalized digital statements, identical to the old paper version, first became available in May 2012. So far more than 27 million people have set up a personal online account.
Financial advisers should encourage all of their clients to establish online Social Security accounts to verify their future estimated retirement benefits, which are crucial to most retirement income plans. In addition to benefit estimates, the personalized statements provide individuals with a complete earnings history and the total payroll taxes paid on those earnings through their careers. Everyone should review those reported earnings at least once a year and promptly report any errors which could affect future benefits.
(Questions about new Social Security rules? Find the answers in my new ebook.)
Mary Beth Franklin is a contributing editor to InvestmentNews and a certified financial planner.