Sticky Notes Are Wrong Place for Passwords


An inaccurate warning of an incoming missile attack rocked Hawaii on January 13, 2018, as the world watched. It was simply an error—an internal test of the alert system made public unintentionally. Now, under this intense scrutiny, Hawaiian government password practices have been revealed and have citizens and security experts anxious about security.

Evidence has surfaced indicating that some Hawaii Emergency Management Agency (HEMA) employees routinely use sticky notes to display their passwords. An Associated Press photo of HEMA headquarters taken in July 2017 has resurfaced in light of the false alarm, and it shows one very conspicuous example of sticky notes in use.

Several days after the alert, Governor David Ige admitted another password issue contributing to the widespread anxiety. Ige had forgotten his Twitter login and password, which delayed government efforts to calm island dwellers. It seems that the nation’s 50th state could benefit from a password refresher course, yet there are lessons in this for all of us.

Why do these goofs occur?

It’s every IT person’s nightmare—individuals who can’t or won’t remember passwords. People routinely write them down and tape that note to a computer monitor. In Ige’s case, he’s now saved his Twitter account details to his cellphone, which is hopefully password-protected and up to date with anti-virus software.

The HEMA sticky note incident is a prime example of when password security is worse than none at all. Yes, you’ve selected a password, which probably boosts your sense of protection, but you’re at risk of sharing it with the world.

If a camera is around, it can capture an image of the password and allow hackers to examine it in depth. Remember the astonishing password leak from Super Bowl XLVII in 2014? Before the game, a report on Super Bowl security included footage of a screen displaying a user’s complete login credentials! That tape was broadcast live around the globe by CBS News.

This is a test. It is only a test…perhaps.

While gaffes like these make security experts squirm, the real question is what should average users do? Is it wise to write things down if your memory is not robust? Opinions vary but many experts advocate using a password manager—software that remembers all your passwords except the master access key.

Additional options include hand-held devices you carry or fobs that can store unique passwords for you. Most options also generate long, complex codes that the human brain has difficulty storing and remembering.

Don’t be a password weakling.

With so many options, there’s no good reason to be a password wimp. You got this. Choose a system that works for you and let go of that one combination you first created in high school. Yeah, that one!
