Hawaiian missile alert agency stored password on Post-it-note

Hawaii missile alert agency kept system passwords on Post-it-notes. Photo / Twitter

In an age where everyone's personal information is digitised and hackers are coming up with clever new scams to get their hands on your bank details, we are constantly reminded to be smarter when using the internet.

This includes not responding to emails from a Nigerian prince who says he wants to give you all his cash, and putting a bit more effort into choosing your passwords.

(Hint:You can find a better way to honour your childhood pet than using its name plus 123 as your universal login.)

While personal cyber safety may not be the number one thing on many people's minds, it is reasonable to assume that businesses and agencies — particularly those dealing with sensitive information — would take online security very seriously.

For example, while writing down your password and sticking it on your computer might not seem like a big deal to an individual, a big national agency would have a more sophisticated system than that — or so one would think.

Well apparently Hawaii's Emergency Management Agency didn't get the memo because, not only did they have a system password stored on a Post-it-note, they allowed it to be photographed and sent out for all the world to see.

The agency has been under intense scrutiny since it sent out a false missile alert to Hawaiian residents on Saturday,

The alert, which read: "Ballistic missile threat inbound to Hawaii. Seek immediate shelter. This is not a drill", caused widespread chaos and panic.

Authorities took 38 minutes to correct the mistake, which the state's governor attributed to a "worker pushing the wrong button". Since the incident, concerns have been raised about the effectiveness of the agency's interface system and associated protocol.

A photo taken in July at the agency's headquarters by the Associated Press has now added to these worries.

The picture shows an operations officer posing in front of a number of computer screens and in plain sight is a Post-it note with a password written on it.

An agency spokesman, Richard Rapoza, told Hawaii News Now that the password is authentic and was used for an "internal application".

Mr Rapoza decline to say what application the login was for, but said he believed the password was no longer in use.

He reportedly acknowledged that it wasn't a very good idea to have passwords stuck to computer screens, but said: "It wasn't for any major piece of software."

The Hawaiian agency has also been slammed for their poor system design, after an image was released of the digital alert page to show how the wrong alert was sent out.

These are the two images side-by-side. One resulted in widespread ridicule. The other appears to be a response to that. Both raise LOTS of questions pic.twitter.com/On88vbsZ5z

— Nick Grube (@nickgrube) January 17, 2018