By Nermeen Nabil Khear 
Late last year, a hacker infiltrated PowerSchool, a software company that offers cloud-based services to K-12 schools. The breach resulted in stolen personal data for millions of kids as well as some staff members—but the loss of social security numbers, birthdates, and other valuable details didn’t have to happen.
Amid the notices rolling out to affected students and staff, news reports also made the rounds, revealing that the compromised PowerSchool employee account lacked a crucial protection: two-factor authentication (aka multi-factor authentication). Had 2FA been active, hackers would’ve have had to pass a second checkpoint to successfully access PowerSchool’s internal systems.
These days, in the age of multiple data breaches, having this extra security layer can save your butt should your password ever become known. (Plenty of people use a weak or even reuse passwords, which are easy to crack, but phishing attacks can also expose a previously strong credential.)
PowerSchool made a mistake in not enforcing MFA for its employees, especially those with access to sensitive data. Fortunately, you can avoid PowerSchool failure—and you should. Even if you’re not an IT worker, you still have valuable accounts like a primary email address, a bank account, and the like that deserve safeguarding.
Jared Newman / Foundry
For these sensitive accounts, enable 2FA now. (And if you haven’t done so already, upgrade to a strong, random password, too.) It takes just a few minutes and can be set up on your phone.
I recommend one-time codes generated by an app as the best mix of convenience and security—codes sent over text message are less secure, as there’s a risk of them being intercepted. Using one takes maybe another 15 seconds during login, if that. Be sure to also save your backup codes in a secure but easily accessible way.
You should enable 2FA for any valued account with a password even if you can use passkeys with them. Passkeys are a fast and much stronger method of logging in compared to passwords, especially if you store them on a local device (versus in the cloud). But if you still have a password enabled, a passkey won’t stop an attacker from being able to login with the password, if they have it. Only 2FA will.
Currently, PowerSchool says it is still notifying those caught in the data breach. The information lost depends on the school district and what was stored in PowerSchool’s database, but the company says that anyone affected is entitled to two years of credit monitoring. For further defense, you can take several more powerful steps to protect your kids—some forms of identity theft are silent and can go undetected for years.
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.