Go to main Forum page »
My mother received an email today from “Social Security Administration” warning of “Important Changes to Access Your Social Security Account!”
It states that “soon you will no longer be able to sign into your online Social Security account using your username and password.” It goes on to say in the future, only a Login.gov or ID.me.account, and ends with a big button that says “Sign In to Your Account.”
I suspect this is bogus. Has anyone else received a similar email?
This is real, however I rarely if ever click on links in emails but go directly to the associated website directly to login and check for messages, in order to hopefully avoid nefarious actors.
Yep, that was the thought that prompted my original post. The form of the email seemed a little off to me. Just my suspicious nature.
I just used mysocialsecurity to see what happens when you login. Seems I am grandfathered because my account was established before a date in January 2021. When you login using your old credentials the site uses your email address to send you a 2FA message to confirm your identity, and then gives you the opportunity to transition to login.gov. At this point, you are not required to do so. I assume that at some future date it will be required. I have an ID.ME credential, and currently you can also use that as well as login.gov to access the site.
I also had a SSA account that was previously established in 2020 and this morning I created my login.gov authentication . I was prepared with a copy of my driver’s license and had taken a photo of myself but those were not requested by the automated registration process.
Login.gov and ID.ME are real. But that doesn’t mean the email she received and the big button is not an attempt to capture her credentials. I’ve never gotten such an email from SSA, OPM, nor IRS. I’ve received those notifications when I go their respective websites to login. I’d suggest not clicking the button in the email. Rather go directly to the http://www.ssa.gov site and go to their login page from there. The ssa.gov login page will present you with those options.
Addemdum 2: I actually didn’t put the link in the text above into my post. I did write “ssa.gov” which the software turned into a link. Unfortunately, it didn’t use https, but rather http. Ugh. sorry.
addendum: I did go back and check my email and I did get such a message from OPM back in May 2022. No button, but it did have clickable links (just as bad). I checked the cert and it was actually from OPM.gov, so there’s a good chance your email is legit. That said, I feel it’s generally safer to go directly to the website you want (preferably by using an existing bookmark rather than typing the url so you don’t typo the url and end up on a fake site). If the SSA is sending out emails, that would be a great time for a hacker to send out fake emails claiming to be from the SSA. And yeah, I’m probably a bit over the top when it comes to doubting emails and texts I’m not expecting.
Do you have any comments regarding bio-metric facial recognition that is being required with ID.me (that is a private company) that the IRS mandates vs. what the GSA (our government) is doing with with Login.gov? Appears there are two levels of Login.gov with GSA and only the higher level (with bio-metrics) is currently acceptable to the IRS.
Good question. No, I can’t say I have any particular extensive knowledge regarding Login.gov vs ID.me. But I suspect either is pretty safe since they both are authorized and in wide spread use by various state and government agencies. I use ID.me with the IRS and it lets me use a text code for the 2FA. I’ve been using it for quite a while, so maybe I’m grandfathered in. I just looked and there’s a long list of other options besides bio-metric for 2FA. So first off, while I’m not sure, maybe you can select one of the other options (including a security key or software push notifications). Second, if you can’t select another option, I will say that these days most of the extremely technical IT government work is done by private contractors versus federal employees. So I personally don’t have any problem with a private company managing this authentication data for the government. I don’t know, but I strongly suspect the ID.me contractor employees running the systems have to meet some stringent government security requirements to provide this service. I hope this helps.
Wonder why I haven’t received a notification…
I don’t believe I received a notice either but saw this when I went to check my SS account for retirement planning purposes, I was prompted to change my log in method. It was quite easy to do.
I saw a similar notice on the SSA website just yesterday.
Is ligit Ed
Thanks to you and William both!
See the press release of today at SSA.Gov.
Appears legit.
https://www.ssa.gov/news/press/releases/2024/#7-2024-1
Thanks for adding this link. It prompted me to finally migrate my account (and my wife’s) to Login.gov. 5-10 minutes for each migration.