In late 2022, a security breach at PowerSchool, a software provider that delivers cloud-based solutions to K-12 educational institutions, compromised the personal information of millions of students and some staff members. This incident led to the theft of sensitive data, including Social Security numbers and birthdates—information that should have been safeguarded.
As notifications reached impacted students and educators, media coverage revealed a significant oversight: the compromised PowerSchool employee account did not utilize two-factor authentication (often referred to as multi-factor authentication). Had 2FA been implemented, the hackers would have encountered an additional layer of security before gaining access to PowerSchool’s internal systems.
In today’s world, where data breaches are all too common, enabling this extra layer of protection is crucial. It can serve as a safeguard if your password is ever compromised. Many individuals opt for weak or reused passwords, making them easy targets, while phishing scams can also expose previously robust passwords.
PowerSchool erred by not requiring multi-factor authentication for staff members, particularly those handling sensitive information. However, you can sidestep PowerSchool’s misstep, and you should. Regardless of your profession, you have valuable accounts—such as your primary email, bank details, and more—that deserve rigorous protection.
Jared Newman / Foundry
To protect your critical accounts, activate two-factor authentication immediately. If you haven’t yet done so, upgrade to a strong, unique password as well. Setting up 2FA only takes a few moments and can easily be configured on your smartphone.
I recommend using one-time codes generated through an app for optimal convenience and security, as codes sent via SMS are less secure due to interception risks. The process of inputting this code during login usually only takes about 15 seconds. Don’t forget to store your backup codes securely yet accessibly for future use.
It’s vital to enable 2FA for any important account that relies on a password, even if you have the option of using passkeys. Passkeys are a more efficient and secure alternative to passwords, particularly when saved locally rather than in the cloud. However, if a password is still in play, attackers can log in with it. Only the addition of 2FA can prevent that possibility.
As of now, PowerSchool continues notifying those affected by the data breach. The extent of the compromised information varies by school district and what was kept in PowerSchool’s databases. The company is offering a two-year credit monitoring service for those impacted. To further protect your family, consider taking additional proactive steps, as some forms of identity theft may remain undetected for extended periods.