It's one thing for people to have their own passwords pwned. It's quite another when someone breaks in via support people's accounts. This is why you don't host your email on other people's servers without end-to-end encryption.


This is why no public institution (school, hospital...) should use cloud services, whatever the term of services.

@Shamar @freakazoid @aral
that link i provided "You Are The Product". i really like that one.

@Shamar @freakazoid
yep that's the one, rewatching it now. it may not be up date (stats are worse now--worse for us, not the extreme capitalists).

@Shamar @freakazoid my univ, UIUC, is on tail end of migrating to this service (office365), migrated most of us over in January or earlier. \o/ x.x

Since it's public institution I'm not sure why it's all not freely available to begin with, other than FERPA. On the bright side they also pushed a new 2FA program pretty aggressively (aka actually require it ;)) so hopefully much of what's reachable via those credentials is okay.

2FA only helps if it's your own credentials that are phished. If the cloud provider's own security practices suck, you're still screwed.

Sign in to participate in the conversation
R E T R O  S O C I A L

A social network for the 19A0s.