More About Multifactor Authentication (MFA)

Social Security continues to evaluate and improve how we protect what’s important to the millions of people who work or receive benefits. We take this responsibility seriously, and we have a robust cybersecurity program in place to help protect the personal information entrusted to us. Adding new security measures to safeguard personal information — but making them easy to use — is a vital part of keeping the public safe and secure.

On June 10, 2017, we implemented a second method to check the identification of my Social Security account holders when they register or sign in. This is in addition to the first layer of security, which is a username and password. Users can choose either their cell phone or email address as a second identification method. Two forms of identification when signing in will help better protect accounts from unauthorized use and potential identity fraud.

Now, each time a user signs in to their account, they will complete two steps:

If a user does not have a text-enabled cell phone, or does not wish to provide their cell phone number, they will need to use their email address as a second identification method instead. Since an email address is required to use my Social Security, everyone can continue to benefit from the features my Social Security provides. To ensure you receive the email with the one-time security code timely and it does not go into your spam or junk folder, you can add NO-REPLY@ssa.gov to your contact list.

Social Security is committed to providing our customers with convenient and secure online access to their personal information, helping secure their today and tomorrow.