This is regarding the same statewide online charter school I asked about here. This time I forgot my password, clicked to reset it, was directed to call customer support, and, upon identifying me, the customer support person spelled my old password back to me, capitalizations and all. Not only they store user passwords, they make them visible to their support staff.
Now, this is a statewide online school where I enrolled my kid to. With security that flimsy I’m afraid that of all kinds of unpleasantness coming her way, ranging from grade changes by other kids causing all kids’ grades becoming untrustworthy to stalking opportunities to financial fraud if she ever makes the mistake of using the same password at her school and her banking. BTW, they already have scans of her birth certificate and my mortgage, submitted as a part of enrollment process.
How do I deal with that? Any way to influence the charter school to step up security?
Go to Source
A bank where I have an auto loan has a credit reporting feature. The feature shows that I have several “Dark Web Alerts” for “Compromised Email Address”. The alerts list the breached sites, for example schmevite.com and schmafepress.com (and others). This doesn’t make sense. How was my email address breached at a website for party invitations and blogging?
I haven’t used either of those site in a long time. I assume my username is my email address. However, my email account not been breached (right?). The recommended action is to change my email password, but my email has not been breached, so why would I do that? Am I expected to change my email password every time some remote site that I’ve barely used is breached? Shouldn’t it be telling me to change my schmevite and schmafepress passwords?
NOTE: I have a different, and reasonably complex password for each site. The point being if someone has breached my scmevite or schmafepress password, which uses my email as the userid, why do I need to change my email password?
But then I have another of the Dark Web Alerts which says “Compromised Email Address”, but does not list a compromised website. Instead it says “Password: Exposed”. Now I’m really concerned. If someone gets into my email account, they can find all of my other passwords (including to financial sites) by requesting password changes.
But that alert was exposed on 4/18/20 and I haven’t lost my money yet. Should I be concerned about this? What do I do? (P.S. “Should I be concerned about this” is rhetorical — I am!).
Thanks for helping me understand.
Go to Source