惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
B
Blog
GbyAI
GbyAI
P
Proofpoint News Feed
量子位
The Register - Security
The Register - Security
宝玉的分享
宝玉的分享
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
V
Visual Studio Blog
B
Blog RSS Feed
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Recent Announcements
Recent Announcements
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Secure Thoughts
雷峰网
雷峰网
Stack Overflow Blog
Stack Overflow Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
AWS News Blog
AWS News Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
O
OpenAI News
月光博客
月光博客
H
Hacker News: Front Page
S
Security Affairs
W
WeLiveSecurity
The Hacker News
The Hacker News
aimingoo的专栏
aimingoo的专栏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Docker
T
The Blog of Author Tim Ferriss
Spread Privacy
Spread Privacy
Blog — PlanetScale
Blog — PlanetScale
J
Java Code Geeks
S
Securelist
Microsoft Azure Blog
Microsoft Azure Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
A
About on SuperTechFans

Comments for Lauren Weinstein's Blog

Chrome Remote Desktop – Lauren Weinstein's Blog How Some Software Designers Don’t Seem to Care About the Elderly – Lauren Weinstein's Blog Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog Don’t Blame YouTube and Facebook for Hate Speech Horrors – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Another Massive Google User Trust Failure, As They Kill Louisville Fiber on Short Notice – Lauren Weinstein's Blog Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening – Lauren Weinstein's Blog The Tool That Could Save Google+ Relationships – Lauren Weinstein's Blog Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell – Lauren Weinstein's Blog Paid “Ad-Free” YouTube Premium Is Now Showing Ads – Lauren Weinstein's Blog The New “Google Contacts” – Lauren Weinstein's Blog A New Invite-Only Forum for Victims of Google’s Google+ Purge – Lauren Weinstein's Blog How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Fixing Google’s Gmail Spam Problems – Lauren Weinstein's Blog Explaining YouTube’s VERY Cool New Aspect Ratio Changes – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog When Google Gets Your Location Wrong! – Lauren Weinstein's Blog Google Asked Me How I’d Fix Chrome Remote Desktop — Here’s How! – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Emergency Transition to IPv7 Is Necessary! – Lauren Weinstein's Blog
Social Security Administration Cutting Off Users Who Can’t Receive Text Messages – Lauren Weinstein's Blog
2019-11-14 · via Comments for Lauren Weinstein's Blog

UPDATE (14 August 2016): I’m told that SSA has removed the mandatory cell phone text messaging access requirement that was strongly criticized in the original posting below. I appreciate that SSA has now done the right thing in this case. Perhaps in the future they’ll think these things through better ahead of time!

– – –

If you don’t have a cell phone, or some other means to receive SMS text messages (and have them enabled, and know how to deal with them), you won’t be able to access your Social Security Administration “My Social Security” online account starting next month.

The SSA is currently sending out emails announcing that SSA online users MUST receive an SMS text message with a two-factor authentication code to access their accounts starting in August.

UPDATE (29 July 2016): Here is the official SSA announcement.
UPDATE (14 August 2016): SSA has now deleted this referenced announcement page since they have removed the mandatory cell phone text messaging login requirement, as noted in the update at the start of this posting.

According to Congressional testimony in May, SSA “expects” to make other two-factor methods available at some point in the future.

While the “expectation” of additional two-factor options at some unspecified time down the line is interesting, the move to now block users who do not have cell phones, or text message capable cell phones, or do not have text messaging enabled, or do not know how to access and read text messages — IS UNACCEPTABLE, especially on such short notice to SSA users.

Two-factor authentication systems are very important, but keep in mind that SSA by definition is dealing mostly with older users who may have only recently become comfortable with online services, and may not make any use of text messaging. Many do not have cell phones or somebody to receive text messages for them. There are also many people living in rural areas where cell phone service simply is not available at all!

Additionally — and ironically — text messaging is considered to be a substandard means of receiving two-factor authentications. And — get this boys and girls — NIST (the USA’s National Institute of Standards and Technology) — just a few days ago officially declared that text messaging based two-factor should no longer be used at all — it’s simply not safe and secure. The possibility of crooks leveraging this SSA text messaging system with fake messages targeting this particularly vulnerable user population is also very real.

It appears that SSA has really mucked this one up. This isn’t secure two-factor, it’s a three-ring circus. And it’s going to leave many SSA users out in the cold.

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.