Social Security Administration Introduces 2FA
Posted by: Timothy Weaver on 05/10/2017 07:53 PM
[
Comments
]
The U.S. Social Security Administration website is trying to avert fraud on its website.
The agency is going to enforce further proof of identification beginning June 10. The government agency is announcing this "to help better protect your account from unauthorized use and potential identity fraud."
Similar to 2FA, in addition to a username and password, the user will be prompted to enter an email address or a cell phone number to which a passcode will be sent.
Security expert Brian Krebs has his reservations. "The idea that one can reset the password using the same email account that will receive the one-time code seems to lessen the value of this requirement as a security measure," he wrote.
The SSA tried a similar tactic a year ago but it failed because of technical difficulties and criticism that the process would fail to curtail identity theives who might be using stolen credentials.
Hackers with some personal information such as a target's name, date of birth, Social Security number, residential address, and phone number could still be able to someone else's name and divert funds. The SSA is suggesting that citizens register on the site before a theif is able to hack their account.
Source: SCMagazine
The agency is going to enforce further proof of identification beginning June 10. The government agency is announcing this "to help better protect your account from unauthorized use and potential identity fraud."Similar to 2FA, in addition to a username and password, the user will be prompted to enter an email address or a cell phone number to which a passcode will be sent.
Security expert Brian Krebs has his reservations. "The idea that one can reset the password using the same email account that will receive the one-time code seems to lessen the value of this requirement as a security measure," he wrote.
The SSA tried a similar tactic a year ago but it failed because of technical difficulties and criticism that the process would fail to curtail identity theives who might be using stolen credentials.
Hackers with some personal information such as a target's name, date of birth, Social Security number, residential address, and phone number could still be able to someone else's name and divert funds. The SSA is suggesting that citizens register on the site before a theif is able to hack their account.
Source: SCMagazine
Comments
