We all are aware of the recent compromise of data in Clark County, where the weak link was access to student accounts. How can we secure access to student accounts to prevent similar issues in our districts? We'd like to explore this topic in terms of what can be done on the server/domain/cloud provider to seal off the ability for compromised student accounts to wreak any further havoc, and what we can do to reduce compromise of student accounts. MFA? Better password generation? Policies regarding student password resets? Software that monitors logins? What else? We'd like to brainstorm and review together and put together an ongoing group of interested districts to work together to create a unified policy so no one has to reinvent the wheel.