Left hand, meet right

[Craig Good]

Today the Social Security Administration sent me this in an email:

Starting in August 2016, Social Security is adding a new step to protect your privacy as a my Social Security user.  This new requirement is the result of an executive order for federal agencies to provide more secure authentication for their online services. Any agency that provides online access to a customer’s personal information must use multifactor authentication.  When you sign in at ssa.gov/myaccount with your username and password, we will ask you to add your text-enabled cell phone number.  The purpose of providing your cell phone number is that, each time you log in to your account with your username and password, we will send you a one-time security code you must also enter to log in successfully to your account.

And then a friend sent me this link:

NIST Recommends SMS Two Factor Authentication Deprecation.

Meanwhile, I note that the SSA still hasn't gotten the memo from circa 1995 that only one space should be used after a period. It's all quite confidence inspiring.

[David Fetter]

On Fri, Jul 29, 2016 at 02:53:00PM -0700, Craig Good wrote:
> Today the Social Security Administration sent me this in an email:
>
> Starting in August 2016, Social Security is adding a new step to protect

> > your privacy as a *my* Social Security user. This new requirement is the

> > result of an executive order for federal agencies to provide more secure
> > authentication for their online services. Any agency that provides online
> > access to a customer’s personal information must use multifactor
> > authentication.
>
>
> > When you sign in at ssa.gov/myaccount

> > <https://links.ssa.gov/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTYwNzI5LjYyMDk1NTIxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE2MDcyOS42MjA5NTUyMSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE2Nzg5MjUxJmVtYWlsaWQ9Y2xnb29kQG1lLmNvbSZ1c2VyaWQ9Y2xnb29kQG1lLmNvbSZ0YXJnZXRpZD0mZmw9Jm12aWQ9JmV4dHJhPSYmJg==&&&100&&&https://www.ssa.gov/myaccount/> with

> > your username and password, we will ask you to add your text-enabled cell
> > phone number. The purpose of providing your cell phone number is that,
> > each time you log in to your account with your username and password, we
> > will send you a one-time security code you must also enter to log in
> > successfully to your account.
>
> And then a friend sent me this link:
>
> NIST Recommends SMS Two Factor Authentication Deprecation

> <https://threatpost.com/nist-recommends-sms-two-factor-authentication-deprecation/119507/>
> .

>
> Meanwhile, I note that the SSA still hasn't gotten the memo from circa 1995
> that only one space should be used after a period. It's all quite
> confidence inspiring.

In crypto, we discovered not later than WWII that a credential needs
to be easy to revoke and re-issue. The SSN, despite laws forbidding
it, is such a credential. Have you ever heard of anybody actually
trying to get theirs changed? Succeeded?

*sigh*

Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

[Craig Good]

I’m so old that I remember when my SS card said “Not to be used for identification”. Not that I’d expect honesty from an outfit running a Ponzi scam.

> On Jul 29, 2016, at 15:05 PM, David Fetter <da...@fetter.org> wrote:
>
> In crypto, we discovered not later than WWII that a credential needs
> to be easy to revoke and re-issue. The SSN, despite laws forbidding
> it, is such a credential. Have you ever heard of anybody actually
> trying to get theirs changed? Succeeded?

--
--Craig WWWAYD?
clg...@me.com http://www.craig-good.com

"Vote: The instrument and symbol of a free man's power to make a
fool of himself and a wreck of his country."
--Ambrose Bierce