Beginning June 10, 2017, the Social Security Administration (SSA) will add a second method to check the identification of anyone signing onto their “My Social Security” account. This will be in addition to the first layer of security, the account holders username and password. This will affect residents of properties that required verification of Social Security income and managers of such properties should make their residents aware of the changes.
First, it is recommended that management encourage residents to set up a “My Social Security” account online with the SSA, and remind them to safely store their username and password. Also, this information should not be shared with anyone – including the manager of the property.
When signing in to their accounts on or after June 10, they will be able to choose either their cell phone number or their email address as the second method of identification. The SSA has put this procedure in place to better protect accounts from unauthorized use and potential identity fraud.
Since My Social Security became available in May 2012, more than 30 million people have created accounts. In the past, the SSA offered a second layer of protection only for customers who opted to use it. In the summer of 2016, the SSA added a second way to track identity when someone registered or signed into an account. However, at that time, the SSA only permitted the use of a cell phone as the second identification method. They quickly learned that many people do not have cell phones and as a result have implemented this new procedure. Since an email address is already required to use My Social Security, anyone should be able to utilize this new security layer.
Each time an account holder signs into their account, they will complete two steps:
- Enter username and password; and
- Enter the security code sent by the SSA. The code will be sent either by text message or email, depending on the choice of the account holder. This will be a one-time code and a new code will be sent each time the account is signed into.
Managers should inform residents of this new procedure and should also ensure that the management office email is not used as the email address to receive the code.