SSA's Public Credentialing
and Authentication Process
No
material or nonsubstantive change to a currently approved
collection
No
Regular
05/28/2025
Requested
Previously Approved
02/28/2027
02/28/2027
21,549,110
193,030,126
359,151
3,280,597
0
0
The Social Security Administration's
citizen authentication process enables a new user experience and
access to more electronic services. Authentication is the
foundation for secure, online transactions. Identity authentication
is the process of determining, with confidence, that someone is who
he or she claims to be during a remote, automated session. It
comprises three distinct factors: something you know, something you
have, and something you are. Single-factor authentication uses one
of the factors, and multi-factor authentication uses two or more of
the factors. Social Security's process features credential
issuance, account management, and single- and multi-factor
authentication. We allow our users to maintain one User ID, which
consists of a self-selected Username and Password, to access
multiple Social Security electronic services. This process provides
the means for authenticating users of Social Security's sensitive
electronic services and streamlines access to those services. The
respondents are individuals who choose to use the Internet or
Automated Telephone Response System to conduct business with SSA.
This is an IT Mod Change Request to finally remove the eAccess
option for credentialing from the SSA website. As per our previous
change, requiring all new users to register a credential with
Login.gov or ID.me, and our more recent approved request to remind
current eAccess credential holders that we also need them to
register through Login.gov or ID.me, we are finally in the last
phase - the removal of the eAccess credential option. All
respondents will be able to register or request access to their
mySocial Security accounts through either Login.gov or
ID.me.
US Code:
5 USC
552a Name of Law: The Privacy Act of 1974
PL:
Pub.L. 107 - 347 301 Name of Law: E-Government Act of 2002
US Code: 42
USC 405 Name of Law: The Social Security Act
US Code:
26 USC 6103(l)(1)(A) Name of Law: Internal Revenue Code
US Code: 5 USC
552 Name of Law: Freedom of Information Act
The information above shows a
significant reduction in usage and burden for this information
collection. This reduction is due to the removal of the eAccess
sign-ins and registration. In addition, we are also removing the
information collection in ROCIS specifically referencing iRPA
Users, as we have rolled those users into the total data for
Login.gov and ID.me sign-ins. Finally, we are also showing a
significant decrease in the Login.gov and ID.me sign-ins. We
believe this is because most of our users who were registered
through eAccess were also already registered through Login.gov or
ID.me, and we are no longer double counting them. We also note that
we requested the MI data above directly from Login.gov and ID.me.
While it shows a lower usage than we previously accounted for under
this ICR, we are adjusting the burden to reflect actual MI data.
Going forward, we will ensure we update the MI data per the data
that Login.gov and ID.me provide to us for SSA.gov user sign-in
requests.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
Justification for the Non-Substantive Changes - 0789 (IT Mod Request).docx
Internet ID.me Sign-Ins