Am 28. Jul, 2016 schwätzte Tom Roche so: moin moin, Wow! That's just wrong even if there weren't any security issues. They shouldn't require access to a cell phone or access to a pay for use service. I hope there are still non-digital forms of interaction. ciao, der.hans > Hans Kugler[1] >>> web sites should not be given your phone number for 2 factor authentication. First of all, they don't need your phone number :). Secondly, it's not secure. Now the NIST agrees. > > So, as if on cue, > > Date: Fri, 29 Jul 2016 04:43:49 +0000 > From: Social Security Administration > Subject: New step to protect your privacy using my Social Security > >> Starting in August 2016, Social Security is adding a new step to protect your privacy as a my Social Security user. This new requirement is the result of an executive order for federal agencies to provide more secure authentication for their online services. > > ... > >> When you sign in at ssa.gov/myaccount with your username and password, we will ask you to add your text-enabled cell phone number. > > ... > >> Each time you sign into your account, you will complete two steps: > >> Step 1: Enter your username and password. >> Step 2: Enter the security code we text to your cell phone (cell phone provider's text message and data rates may apply). > > ... > >> If you do not have a text-enabled cell phone or you do not wish to provide your cell phone number, you will not be able to access your my Social Security account. > > FWIW, Tom Roche > > [1]: http://lists.phxlinux.org/lurker/message/20160727.071321.f24aaba8.en.html > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- # http://www.LuftHans.com/ http://www.PhxLinux.org/ # Intelligence without compassion is a waste. -- der.hans