Password for Hawaii's emergency agency in public photo, written on a Post-it


Hawaii Governor David Ige has apologised for the false alert that warned a ballistic missile was heading straight for the island.

Another day, another mistake for Hawaii's under-fire emergency management team.

On Saturday, people in Hawaii were awakened by a terrifying false alert about an inbound missile.

Hawaii's Emergency Management Agency has said a worker clicked the wrong item in a drop-down menu and sent it, and that its system was not hacked.

Password for Hawaii's emergency agency in public photo, written on a Post-it


Spot the Post-it with a password on it in this July photo of Jeffrey Wong, the Hawaii Emergency Management Agency's current operations officer.

"It was a mistake made during a standard procedure at the changeover of a shift, and an employee pushed the wrong button," Governor David Ige said.

* Danny Lee gets the unnerving ballistic missile warning
* Being a mother in Hawaii during 38 minutes of nuclear fear
* Hawaii missile alert: How one employee 'pushed the wrong button

But an AP photo from July has raised questions about the agency's cybersecurity practices.

This is the screen that set off the ballistic missile alert on Saturday. The operator clicked the PACOM (CDW) State Only link. The drill link is the one that was supposed to be clicked. #Hawaii

— Honolulu Civil Beat (@CivilBeat) January 16, 2018

In it, the agency's operations officer poses in front of a battery of screens.

Attached to one is a password written on a Post-it note.

The agency didn't immediately respond to a request for more information.

Password for Hawaii's emergency agency in public photo, written on a Post-it

An employee pushed the wrong button, sending this terrifying alert to everyone in Hawaii.

While these computers are most likely different from the system that sent the false missile alert, the photo raises questions about whether the approach to security at the agency may have led to the scary situation on Saturday.

(On the other screen, another note reminds the user to "SIGN OUT.")

Writing down passwords isn't a strict security no-no

Some experts say that keeping a hard copy of a password in your wallet is defensible – if you can keep the piece of paper secure.

But a note on a monitor is not secure, especially if it's for computer systems dedicated to keeping people safe.

The photo has already drawn some ridicule from those in the operational-security industry.

This article was first published on

- Business Insider