Colorado Agency 'Improperly' Posted Passwords for Its Election System Online

The Colorado Department of State inadvertently exposed partial passwords for voting machines in a public spreadsheet for months. The department stated that the incident does not pose an immediate security threat to Colorado's elections and will not impact how ballots are counted. The error was revealed by Hope Scheppelman, vice chair of the state's Republican party, in a mass email that included an affidavit from a person who discovered the passwords. The affidavit claimed that the person downloaded the spreadsheet and found the passwords by clicking a button to reveal hidden tabs. The Department of State explained that each voting machine has two unique passwords stored in separate places. The passwords can only be used by a person physically operating the system, and voting machines are stored in secure areas with ID badge access and 24/7 video surveillance. The department took immediate action upon discovering the issue and informed the Cybersecurity and Infrastructure Security Agency. Colorado voters use paper ballots, which provide a physical paper trail to verify electronically tabulated results. The department is working to remedy the situation where necessary. The incident has already sparked accusations from the state's Republican party, despite the department's assurances that it does not pose a security threat.