hawaii emergency management post-it note password


Hawaii agency that sent false missile alert exposed a password on Post-it note

A spokesperson at the agency confirmed the password's legitimacy.


Phillip Tracy


Posted on Jan 17, 2018   Updated on May 22, 2021, 4:28 am CDT

On Saturday, people in Hawaii woke up to a ballistic missile alert that was accidentally transmitted by a Hawaii Emergency Management Agency (HI-EMA) worker who pressed the wrong option in a drop-down menu. The incident raised questions about the security of an agency tasked to warn residents of serious threats.

Now, an Associated Press image that started circulating across the internet on Tuesday is adding insult to injury. The photo shows a HI-EMA employee standing in front of a desk filled with monitors. On the frame of one display is a Post-it note with writing on it. Zoom and enhance and you’ll see a password written in big letters.


A spokesperson at the agency confirmed to Hawaii News Now that the password is legitimate but was for an “internal application” they believe is no longer in use. The image was originally taken in July 2017 so it’s possible the software was still active when it was first uploaded. Regardless, the photo shows a lack of understanding of security best-practices from an agency tasked to inform millions of a potential threat.

People on social media responded in disbelief, opening discussions about the level of training required of emergency management workers. Writing down passwords is one of the worst security errors you can make. It’s forgivable if you do so in a secret notebook, but broadcasting it to everyone in your office (or in this case, the internet) is inexcusable.


Around the time the image was going viral, the HI-EMA published a representation of the system it uses to send out emergency alerts—the same sort of UI that was used when the false missile alert was accidentally transmitted. The interface was criticized for its archaic appearance and confusing layout, leading to another round of harsh questioning from concerned residents.

The Federal Communications Commission (FCC) is currently investigating the incident that led to panic in Hawaii. Let’s hope its findings result in wholesale changes to the agency’s security measures.

Share this article
*First Published: Jan 17, 2018, 10:50 am CST