惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Latest
Security Latest
Recorded Future
Recorded Future
人人都是产品经理
人人都是产品经理
S
SegmentFault 最新的问题
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 三生石上(FineUI控件)
博客园 - 聂微东
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
博客园 - Franky
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tor Project blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
雷峰网
雷峰网
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
T
Threatpost
T
Tenable Blog
有赞技术团队
有赞技术团队
大猫的无限游戏
大猫的无限游戏
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
C
Cisco Blogs
H
Heimdal Security Blog
Attack and Defense Labs
Attack and Defense Labs
A
About on SuperTechFans
Last Week in AI
Last Week in AI
N
News and Events Feed by Topic
T
Threat Research - Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
I
Intezer
V
V2EX
Cyberwarzone
Cyberwarzone
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
V
Vulnerabilities – Threatpost
N
Netflix TechBlog - Medium
T
The Blog of Author Tim Ferriss
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
U
Unit 42
PCI Perspectives
PCI Perspectives
P
Privacy International News Feed
D
Docker

Comments for Lauren Weinstein's Blog

Chrome Remote Desktop – Lauren Weinstein's Blog How Some Software Designers Don’t Seem to Care About the Elderly – Lauren Weinstein's Blog Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog Don’t Blame YouTube and Facebook for Hate Speech Horrors – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Another Massive Google User Trust Failure, As They Kill Louisville Fiber on Short Notice – Lauren Weinstein's Blog Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening – Lauren Weinstein's Blog The Tool That Could Save Google+ Relationships – Lauren Weinstein's Blog Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell – Lauren Weinstein's Blog Paid “Ad-Free” YouTube Premium Is Now Showing Ads – Lauren Weinstein's Blog The New “Google Contacts” – Lauren Weinstein's Blog A New Invite-Only Forum for Victims of Google’s Google+ Purge – Lauren Weinstein's Blog How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Fixing Google’s Gmail Spam Problems – Lauren Weinstein's Blog Explaining YouTube’s VERY Cool New Aspect Ratio Changes – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog When Google Gets Your Location Wrong! – Lauren Weinstein's Blog Google Asked Me How I’d Fix Chrome Remote Desktop — Here’s How! – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Emergency Transition to IPv7 Is Necessary! – Lauren Weinstein's Blog
Social Security Administration Cutting Off Users Who Can’t Receive Text Messages – Lauren Weinstein's Blog
2019-11-14 · via Comments for Lauren Weinstein's Blog

UPDATE (14 August 2016): I’m told that SSA has removed the mandatory cell phone text messaging access requirement that was strongly criticized in the original posting below. I appreciate that SSA has now done the right thing in this case. Perhaps in the future they’ll think these things through better ahead of time!

– – –

If you don’t have a cell phone, or some other means to receive SMS text messages (and have them enabled, and know how to deal with them), you won’t be able to access your Social Security Administration “My Social Security” online account starting next month.

The SSA is currently sending out emails announcing that SSA online users MUST receive an SMS text message with a two-factor authentication code to access their accounts starting in August.

UPDATE (29 July 2016): Here is the official SSA announcement.
UPDATE (14 August 2016): SSA has now deleted this referenced announcement page since they have removed the mandatory cell phone text messaging login requirement, as noted in the update at the start of this posting.

According to Congressional testimony in May, SSA “expects” to make other two-factor methods available at some point in the future.

While the “expectation” of additional two-factor options at some unspecified time down the line is interesting, the move to now block users who do not have cell phones, or text message capable cell phones, or do not have text messaging enabled, or do not know how to access and read text messages — IS UNACCEPTABLE, especially on such short notice to SSA users.

Two-factor authentication systems are very important, but keep in mind that SSA by definition is dealing mostly with older users who may have only recently become comfortable with online services, and may not make any use of text messaging. Many do not have cell phones or somebody to receive text messages for them. There are also many people living in rural areas where cell phone service simply is not available at all!

Additionally — and ironically — text messaging is considered to be a substandard means of receiving two-factor authentications. And — get this boys and girls — NIST (the USA’s National Institute of Standards and Technology) — just a few days ago officially declared that text messaging based two-factor should no longer be used at all — it’s simply not safe and secure. The possibility of crooks leveraging this SSA text messaging system with fake messages targeting this particularly vulnerable user population is also very real.

It appears that SSA has really mucked this one up. This isn’t secure two-factor, it’s a three-ring circus. And it’s going to leave many SSA users out in the cold.

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.