Last month, the SSA announced a two-factor authentication
system for online “my Social Security” accounts. The plan was for new and existing account holders to provide the SSA with a cell phone number; upon signing into their account, they would be
texted a PIN number for completing their login.
Initially, this change was mandatory for all users—people uncomfortable providing the SSA with a phone number would have to forgo conducting their Social Security-related business online.
The SSA recently rescinded this rule. This text message feature is still offered optionally for the security-conscious.
Computer security expert Brian Krebs offers further analysis here.