SS Multifactor Authentication without Cell Service

[Hermit]

I just got an e-mail from Social Security informing me that they will require multifactor authentication to log in to My Social Security. They will require a cell phone number that accepts texts so you can enter a texted number into the login. If you don't have that capability, sorry, you cannot log in to My Social Security.

My problem is there is no cell service in my area. I have phone messages forwarded to my Google e-mail account. Does anyone know if text messages can be forwarded from a cell phone to Gmail while still getting them on the cell phone?

This is getting complicated.

 

[SteveNU]

Government at its best! I know you can get text messages with a lot of phone services now but not sure how it would work.

Sent from my Nexus 7 using Early Retirement Forum mobile app

 

[athena53]

Sorry I can't help but this change really tees me off. I really don't want to give the gummint my mobile phone number even though I know they could track it down. Guess I'll be working with them by snail mail.

 

[GravitySucks]

I got the same email, but clicking through made it sound very much an opt in program and failing to sign up just leaves you with the same password based security you have now.

I know that Verizon has a web based service to send and receive text messages if you have a cell phone with them but don't have your phone with you.

How does the gubbermint track your whereabouts and social contacts if you don't have cell service?

 

[GravitySucks]

Sorry I can't help but this change really tees me off. I really don't want to give the gummint my mobile phone number even though I know they could track it down. Guess I'll be working with them by snail mail.

Don't worry. They already have it. Especially if you're buying throw away " burner phones" from Walmart.

 

[Animorph]

Guess SS and NIST don't get along very well:

https://www.engadget.com/2016/07/26/nist-sms-two-factor-authentication-guidelines/

"The US agency that sets guidelines and rules in cryptography and security matters is discouraging the use of text messaging in two-factor authentication. In the latest draft of its Digital Authentication Guideline, the National Institute of Standards and Technology (NIST) states that "[out of band authentication] using SMS is deprecated, and will no longer be allowed in future releases of this guidance." Out of band authentication means utilising a second device to verify your identity."

 

[easysurfer]

I got the same email, but clicking through made it sound very much an opt in program and failing to sign up just leaves you with the same password based security you have now.

I know that Verizon has a web based service to send and receive text messages if you have a cell phone with them but don't have your phone with you.

How does the gubbermint track your whereabouts and social contacts if you don't have cell service?

I got an email also. Sounded to me like the 2FA is a requirement and each time signing in, a one time text is required.

 

[Hermit]

Guess SS and NIST don't get along very well:

https://www.engadget.com/2016/07/26/nist-sms-two-factor-authentication-guidelines/

"The US agency that sets guidelines and rules in cryptography and security matters is discouraging the use of text messaging in two-factor authentication. In the latest draft of its Digital Authentication Guideline, the National Institute of Standards and Technology (NIST) states that "[out of band authentication] using SMS is deprecated, and will no longer be allowed in future releases of this guidance." Out of band authentication means utilising a second device to verify your identity."

Asking one arm of the government to know what another arm is doing is probably a little much. Even if one is supposed to set standards for the other to use.

 

[spud99]

You might try Google Voice. It has free texting and works from your browser. Not sure if it will work for this, but worth a try.

Sent from my LG-D801 using Early Retirement Forum mobile app

 

[Chuckanut]

The cell system is inherently insecure. They would be better off using something like Google Authenticater.


4

 

[gauss]

You might try Google Voice. It has free texting and works from your browser. Not sure if it will work for this, but worth a try.

Sent from my LG-D801 using Early Retirement Forum mobile app

+1 My first thought too...

Sent from my LGLS751 using Early Retirement Forum mobile app

 

[Hermit]

You might try Google Voice. It has free texting and works from your browser. Not sure if it will work for this, but worth a try.

Sent from my LG-D801 using Early Retirement Forum mobile app

That is where my cell voice mail messages are forwarded. I know I can send SMS texts to DS. I'll have to figure out if I can receive texts via my Google Voice number.

 

[Car-Guy]

Got the same email today. I'm for better security but this sucks. (Yes more security is usually inconvenient - check out the airports lately?) Here we have no choices and almost no notice. What if you don't have a cell phone, or don't have reliable service where you live or don't have/use the text capability, etc, etc.

Several of the banks I deal with have a similar 2FA system. However, they give you the options of cell phone text, email or automated land line voice and one will even allow you to opt out.

Guess that's just to complicated for the government. I was an advocate of their web service which "had been" working pretty well, and was user friendly. I really don't know why and I'm so surprised at something like this from the SSA!

 

[target2019]

Google Voice works. Mine was free when set up, but it may cost something now. I was able to text from email, phone, etc., both send and receive.

How about a tracfone or other paid phone just for this purpose?

Here is a list of services. Not sure if the list is current.

https://www.raymond.cc/blog/top-10-sites-receive-sms-online-without-phone/

 

[Alan]

What are the chances that it will work with an international number? Lots of expats live overseas.

Another government organisation, TreasuryDirect, has 2FA and they send the verification code to the email I have registered with them. (I can't remember if a cell number was an option).

 

[target2019]

That is where my cell voice mail messages are forwarded. I know I can send SMS texts to DS. I'll have to figure out if I can receive texts via my Google Voice number.

Note that there is an option to get google voice SMS in hangouts. I'm using that option.

 

[Dawg52]

Got the same email. No more than I log on to SS, not a problem. Also got something similar from Fidelity Investments. Won't send me a text code every time I log on, but for certain transactions and just at random. Not thrilled about that one either, but I can understand trying to make the system more secure.

 

[Sunset]

Sorry I can't help but this change really tees me off. I really don't want to give the gummint my mobile phone number even though I know they could track it down. Guess I'll be working with them by snail mail.

Darn gummint intruding on my privacy, I'm not even going to give SS my mailing address.

 

[tfudtuckerpucker]

If you have a google voice account, sms messages should be viewable here
https://www.google.com/voice#sms
Or, you can send them through google hangouts (here's how).

I really like all this free stuff from google, but sometimes it's a bit confusing to me. But wait, there's more- Google Duo and Google Allo are coming.

 

[travelover]

Another vote for Google Voice. I use it to send and receive texts as well as with Hangouts to make unlimited free calls.

 

[clobber]

Google Voice solves the international problem too. If you have a U.S. Google Voice number, you can send and receive text messages from anywhere in the world (laptop or cell phone), using your data.

I have a U.S GV number and send/receive my text messages anywhere I am in the world provided I have data access (e.g. local sim).

 

[timo2]

I use two factor authentication whenever possible. After a relative had his google mail taken over and the password changed, that could not have happened with two factor authentication. It's a pain, but there are a lot of hackers out there.

 

[Hermit]

I'll use my GV number. It should work fine. I'm going to sit on this for a while. Not that they might change their mind or anything...

 

[grasshopper]

I signed up with my Google voice number maybe a year ago. Worked than still works, I can't get Wells Fargo to accept Google voice.

 

[redshift]

+1. Google Voice has saved me many $$. Ported my home number to it years ago...

Sent from my VS986 using Early Retirement Forum mobile app