
A password for the Hawaii emergency agency was hiding in a public photo - leonagano
http://uk.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1
======
gwbas1c
I used to put fake passwords on stickies on my monitor just to see if anyone
would notice.

No one did.

~~~
leonagano
good test!

------
Kikawala
The password was promptly changed to "Warningpoint3"

~~~
bargl
In 90 days it'll be Warningpoint4.

------
excalibur
> these computers are likely different from the system that sent the false
> missile alert

I can't speak to the particular console it was sent from, but I would place a
modest wager that it's in that same room.

------
everdev
At least it has letters and numbers ;)

------
gist
This hasn't been authenticated as being real. All we know is that there is an
AP image and there is a post it note saying something on the monitor. We don't
even know if the enhancement or anything else about it is real.

------
mc32
Ok, if the system is an isolated system, not accessible via the open internet,
but perh via VPN, is the sticker a big issue, if they have decent physical
security (i.e. cleaning crew cannot get in there).

~~~
scoggs
I hope they get some extra coin for keeping the place clean enough to not need
janitorial services in the secure room.

------
throwacide
“Pencil” Reference to wargames of course. Passwords are fundamentally broken.
Don’t blame the post it note nor the person making it. Blame the concept of
passwords.

~~~
craftyguy
Passwords are not fundamentally broken.

IT departments that apply arbitrary constraints to passwords are fundamentally
broken. Users that do not use password management, which allows easily
creating unique, strong passwords for everything, are using a fundamentally
broken workflow.

