Saturday, August 27, 2016

If All Else Fails Listen to the Customer

Government works well, right? Well, just look at the Social Security Administration's new Internet security scheme. They call it "multifactor authentication". Simply put, when you log in with your ever-changing password you must also have a mobile phone with text messaging. Not an email connection, but a decade-old text system which costs you about $0.25 per message at least. Then SSA sends you an additional authentication key, which you then enter into the SSA web site.

Now there is the Mini Mental Exam, that wonderful test we use to test old folks for mental acuity. An 80-year-old comes in while on a dozen mind-altering meds and we ask them to count backwards from 100 by sevens! No child currently in a public school with no meds could do this, but we want Grandma to do it. Now we want Grandma to use a multi-transactional random key entry system, like arming a nuclear warhead, to get on the SSA site!

As SSA has stated:

On July 30, 2016, we began requiring you to sign into your my Social Security account using a one-time code sent via text message. We implemented this new layer of security, known as “multifactor authentication,” in compliance with a Presidential executive order to improve the security of consumer financial transactions.  SSA implemented the improvements aggressively because we have a fundamental responsibility to protect the public’s personal information.
However, multifactor authentication inconvenienced or restricted access to some of our account holders. We’re listening to your concerns and are responding by temporarily rolling back this mandate. As before July 30, you can now access your secure account using only your username and password. We highly recommend the extra security text message option, but it is not required. We’re developing an alternative authentication option, besides text messaging, that we’ll begin implementing within the next six months. We strive to balance security and customer service option...

Frankly, one should ask what moron came up with this approach. Most SSI recipients are on limited incomes, many have limited mental faculties to deal with this, and then we get a procedure that is not even used for launch codes! Why? Because they can't keep their own system secure. So what do they do? Put the burden on the customer. No business would survive with this type of action.

One wonders where they get the people who run these organizations. Take a look and you would be shocked, or perhaps not. If you think the Presidential race is an issue, you really should look behind the curtains at the million or so Federal employees.

Let's see what SSA comes up with next!

But one should read the comments on the SSA site referenced above. The individual in charge of this fiasco was Jim Borland, Assistant Deputy Commissioner, Communications. People said such things as:

Evidently you’re committed to making it impossible to use My Social Security. Extra burdens do NOT make things more secure. Thanks for nothing.

There are many simpler and more effective schemes. However, security starts with the team that operates the servers and comm interfaces. That means the SSA. Specifically, the above-named person. Pushing it off to the "customers" is just reckless and abusive. But alas, it is our Government. Could it be worse? Try the EU.