Lessons Learned from Hawaii’s Password Problems 

Woman typing on keyboard

By now, you’ve probably heard about the emergency alert sent from the Hawaii Emergency Management Agency that claimed “missile inbound.” This alert was sent to phones, put out over radio and TV – and it took 38 minutes before the public was notified it was a false alarm.  

According to the Hawaii Emergency Management Agency (HI-EMA), this unintentional alert was caused by human error. After it was sent, they had no system in place for sending a cancellation message.  

Human errors are bound to occur – but there are best practices that can reduce them. We’re not experts in emergency management or government process, but it turns out that poor password management also played a large part in this stressful situation.  

Don’t try to remember all your passwords 

After the mistaken alert was sent, the HI-EMA and government officials took a considerable time taking to social media to alert followers of the false alarm. In one case, Hawaii governor David Ige wasn’t able to tweet for 17 minutes because he couldn’t remember his Twitter password.   

We’ve all been there. There’s no way to remember all of your logins. The lesson here is you shouldn’t even try. Use a password manager instead.  

LastPass can remember all your usernames and passwords and automatically log in to your sites and apps for you – on desktop or mobile. You simply set a master password – and that’s the only password you need to remember.  

Have access to your accounts everywhere 

If this scenario teaches us anything, it’s that you never know when an emergency will occur. The officials at HI-EMA may not have been at their desks when they heard about this alert, but they still need access to essential accounts to help fix the situation from wherever they are – including on their phones. And Governor Ige would have been well served to have Twitter on his phone with his credentials already on-hand, thanks to a password manager. 

LastPass syncs all of your data across every browser and device where you have our browser plugin or app installed. You always have the access you need, and you can even log in to your account without Internet access.  

Don’t use sticky notes 

On the heels of this false missile alert, HI-EMA is also getting heat for a picture from their headquarters. The picture showed a sticky note posted to someone’s workstation with a password written on it.  

It may seem like common sense not to write your passwords down where others can easily see them – but it happens all the time. If employees are expected to remember all of their passwords, they will end up finding shortcuts like this. This takes us back to point #1 – don’t try to remember all your passwords! 

With LastPass you only have to remember one password – eliminating the need for the sticky note trick. Also, no need to write down passwords to share with teammates. LastPass allows you to created Shared Folders and securely provide access to others.   

It’s true that better password management practices might not have prevented the false alarm alert from being sent in the first place. But they would certainly have made it easier to handle this emergency situation. And in a crisis, every minute – and every detail – is critical.  

One Comment

  • Gary L Stambaugh says:

    Great article! Just curious if you have attempted to contact the parties in HI and share how your product could help them?

    If so, good job. If not, I’ll bet one of your users knows someone who knows someone. Just say’in.