Slashdot Mirror
Is The US Social Security Site Still Vulnerable To Identity Theft? (krebsonsecurity.com)
Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a "security" code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.
More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.
In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.
More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.
In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.
Screw those people who can't be bothered to keep up with technology and all the changes it brings.
My favorite thing that pisses me off is when I go to the grocery store or the local big-box superstore and I am in line behind a senior citizen who can't figure out how to use their check card and then, they complain to the cashier that "they can't get all this stuff with computers" or some other such dribble. Or, they can't work an ATM machine.
I cry bullshit.
All of these people in their late sixties and above were in their twenties or thirties when computerized accounting systems began rolling out in stores, offices, and even such places as the local DMV. ATMs have been around since the early- to mid-1960s (if not longer). So for them to make a statement like they don't understand it is more akin to them just being too lazy to try.
There are plenty of average senior citizens who can handle ATMs, card readers, cellphones, smartphones, and computers just fine.
So the rest of those whiny bastards need to get with the program.
Disclaimer: I'm a 43 year old white male who is tired of seeing people being lazy and such. Truthfully, I don't give a damn about their age. I'm just tired of the complaining.