Justification for the Non-Substantive Changes to 0960-0789 (IT Mod Request)


SSA's Public Credentialing and Authentication Process


OMB: 0960-0789


Justification for the Non-Substantive Changes for

Social Security Administration’s Public Credentialing and Authentication Process

20 CFR 401.45 & 20 CFR 402

OMB No. 0960-0789



Background

Since its establishment in May 2012, SSA has used the Social Security Administration’s Public Credentialing and Authentication Process (hereafter called “eAccess”) to provide a secure, centralized gateway to Social Security’s public-facing electronic services. SSA originally issued agency-specific identity credentials directly to users. In September 2021, pursuant to OMB memorandum M-19-17, SSA began requiring new users to use a federated credential from Login.gov or ID.me. If customers can reuse existing credentials, it saves them time and effort, and they do not have to maintain another set of credentials.

Although we discontinued issuing new identity credentials, we continued to accept existing SSA‑issued identity credentials (username and password), now known as legacy credentials. To ensure compliance with guidance from the National Institute of Standards and Technology (NIST) and reduce credential support activities for our technicians, we are in the last phase of removing the allowance for legacy credentials and requiring all users to access SSA services using a federated credential.

After this release, users will no longer be able to sign in to their Social Security account with an original legacy credential. We are implementing these new, non-substantive revisions on June 14, 2025. Therefore, we are requesting OMB approval by June 9, 2025 to allow us time as needed to remove the eAccess credential allowance from our website.

Revisions to the Collection Instrument


  • Change #1: We updated our sign-in screen and Business Services Online (BSO) sign-in screen to show the options of signing in with Login.gov and ID.me only. The screen also shows a message to inform legacy credential holders that they can no longer sign in with a Social Security username and password.


Justification #1: This final phase of transition moves the agency away from being a credential issuer and allows us to reduce credential support activities for our technicians by no longer accepting the legacy credentials. In addition, it ensures SSA credentialing is in compliance with NIST credentialing requirements by requiring respondents to use ID.me or Login.gov.


Estimates of Public Reporting Burden

We are adjusting the reported burden for this information collection because customers will no longer sign in directly to eAccess or be able to register through our technician-assisted process. Therefore, we are removing the Internet eAccess Sign-Ins and the Intranet Registrations (RCS) from the burden chart.


Instead, all customers will register and sign in through ID.me or Login.gov to gain access to their SSA online account. We will continue to monitor the Management Information (MI) data and reflect the burden accordingly. OMB approved the current burden estimate on 8/12/2024, and we have seen an overall decrease in burden for eAccess as more respondents use Login.gov or ID.me for registration and access. With these changes, we will remove the eAccess burden entirely, showing that customers can no longer register or sign in through eAccess. The data below is based on the actual Management Information (MI) data for fiscal year 2024 (showing end of year data from Login.gov and ID.me).

 

See chart below with the updated figures:


| Modality of Completion | Number of Respondents | Frequency of Response | Average Burden Per Response (minutes) | Estimated Total Annual Burden (hours) | Average Theoretical Hourly Cost Amount (dollars)* | Average Wait Time in Field Office (minutes)** | Total Annual Opportunity Cost (dollars)*** |
| Login.gov Sign-Ins | 2,003,842 | 1 | 1 | 33,397 | $32.66* | | $1,124,143** |
| ID.me Sign-Ins | 19,545,268 | 1 | 1 | 325,754 | $32.66* | | $10,639,126** |
| Totals | 21,549,110 | | | 359,151 | | | $11,763,269** |

* We based this figure on the average U.S. citizen’s hourly salary, as reported by Bureau of Labor Statistics data (Occupational Employment and Wage Statistics).

** This figure does not represent actual costs that SSA is imposing on recipients of Social Security payments to complete this application; rather, these are theoretical opportunity costs for the additional time respondents will spend to complete the application. There is no actual charge to respondents to complete the application.

NOTE: We included the total opportunity cost estimate from this chart in our calculations when showing the total time and opportunity cost estimates in the paragraph below.

Based on our current MI data, the burden information we provided in the above chart is accurate. The total burden for this ICR is 359,151 burden hours (reflecting Login.gov and ID.me data), which results in an associated theoretical (not actual) opportunity cost financial burden of $11,763,269. SSA does not charge respondents to complete our applications.



Note: The information above shows a significant reduction in usage and burden for this information collection. This reduction is due to the removal of the eAccess sign-ins and registration. In addition, we are also removing the information collection in ROCIS specifically referencing iRPA Users, as we have rolled those users into the total data for Login.gov and ID.me sign-ins. Finally, we are also showing a significant decrease in the Login.gov and ID.me sign-ins. We believe this is because most of our users who were registered through eAccess were also already registered through Login.gov or ID.me, and we are no longer double counting them. We also note that we requested the MI data above directly from Login.gov and ID.me. While it shows a lower usage than we previously accounted for under this ICR, we are adjusting the burden to reflect actual MI data. Going forward, we will ensure we update the MI data per the data that Login.gov and ID.me provide to us for SSA.gov user sign-in requests.



As stated above, we are implementing these new, non-substantive revisions on June 14, 2025. Therefore, we are requesting OMB approval by June 9, 2025 to allow us time as needed to remove the eAccess credential allowance language from our website.


Future Plans

Due to the agile nature of our projects, we expect to make more enhancements in the future to strengthen our electronic access authentication posture. Currently, we are still finalizing our IT modernization plans for these changes. We expect to submit another change request within six to nine months to request approval for additional updates to the system, and potentially, update the burden again to include additional users.

File Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author: Chatel Madison, OEST, DSA
File Modified: 0000-00-00
File Created: 2025-05-29
