TOPICS
TOPICS
TSP to halt use of Social Security numbers as account IDs
In an effort to enhance security, the 3.8 million participants in the federal Thrift Savings Plan will no longer be identified by their Social Security numbers, officials for the retirement savings program announced Friday.
Starting Oct. 1, TSP enrollees will begin using account numbers in place of Social Security numbers, the Federal Retirement Thrift Investment Board announced in the Federal Register. Participants also will begin using passwords in place of 4-digit personal identification numbers for online transactions, officials said.
According to a notice posted on the TSP Web site in August, participants will use the new account number in conjunction with the TSP Web password to access their accounts online. Social Security numbers will still be used in some situations. For instance, service representatives might use them to further verify participants' identities, the Web notice said.
Participants can expect to receive their new account numbers by mail in September, officials said. "Although we know that moving to account numbers may be inconvenient for some participants, we hope you understand that this is just one step in ensuring the security of your TSP account," the Web site stated.
Mark Hagerty, the plan's chief information officer, said in June 2006 that he wanted to expand TSP's security measures by enabling participants to switch to using account numbers. Concerns mounted in late December, after hackers accessed the accounts of participants and stole $35,000.
The board will discuss the change at the monthly meeting next week, said David Toro, a congressional inquiries analyst for the TSP. "Regarding future security measures, we continue to study the issue to stay ahead of the curve," he said.
COMMENTS
- Numbers, I still await the dreaded change; a necessary evil, even if still being necessary. But I read your posting and thought, “Wow. They must really want this to be secure!” And immediately thereafter thought, “Wow. They made it long enough to defeat any security gains whatsoever.” And the first thing they tell you about password security is? NOT TO WRITE IT DOWN. May I ask what percentage of the population will be able to remember such a monstrosity without writing it down? Tip off Posted September 24, 2007 4:06 PM
- Mine just came in the mail. 13 digits! Who came up with that idea? Numbers Man Posted September 16, 2007 8:31 PM
- Paul: the TSP does not currently have the capability to communicate directly with you via email because their system does not have any means to maintain your email addy permanently on file. It was not something that crossed the minds of the contractor who designed the system at the time. The email notification you get is a 3rd party system operated by GovDeliv for bulk delivery of general interest information only. The TSP has no idea who may have subscribed to the GovDeliv service. The email confirmation of interfund transfers is a one-business-day retention affair, i.e., if you give them your email addy at the time of your online transaction, the system will hold it overnight to send you the confirmation the following day, but then the addy is discarded. The only way the TSP has to initiate a direct communication to you personally, e.g., your new account number, is snail mail. This is why it was just plain irresponsible for the (fortunately now departed) previous Executive Director to declare the web as the default primary method for delivery of statements or other news and information. Sure, it saved a lot of postage money, but a fiduciary has a duty to maintain affirmative contact with the beneficiary to communicate important information. They were completely passive, with the attitude that "You can log on and look it up yourself, and if you don't or forget, we don't care, it's not our problem." Fortunately, I sense Mr. Long is trying to get things back on a more sensible track. Numbers Man Posted September 13, 2007 10:24 AM
