Colorado voting machine password breach: Polis declares fix completed

Colorado’s blitz to update all voting machine passwords and verify security ahead of next week’s election has been completed, Gov. Jared Polis announced Friday morning.

Teams of hastily deputized state employees who had undergone background checks, including 22 cybersecurity staffers and eight Secretary of State officials, went to county clerk offices in a scramble to shore up security around Colorado’s election voting machine system following a leak of partial passwords. They got the job done Thursday night, Polis said.

“Every Coloradan can rest assured that their vote will be counted fairly and accurately. While the leaked passwords compromised just one of many layers of security that protect our election integrity in Colorado, we knew it was critical to take swift action,” Polis said.

On Tuesday, Griswold announced that a spreadsheet posted publicly on her office’s website for several months “improperly included” a hidden tab that led to partial passwords — one layer in a security system that relies on multiple passwords and restricted access — protecting Colorado voting machines. Griswold learned of the problem Oct. 24 and password changes began Tuesday, Secretary of State spokesman Jack Todd said.

The breach won’t affect how ballots are counted, gubernatorial officials said Friday morning.

State officials didn’t respond to questions about how many county clerk offices teams visited on Thursday and haven’t said whether the state would halt mail ballot processing or re-scan mail ballots.

The state teams went into county offices and worked in pairs, observed by local county elections officials, state agency officials said.

Polis and Griswold repeated assertions that the disclosure of passwords did not and will not pose a security threat to Colorado’s elections.



from The Denver Post https://ift.tt/9jD1RPH

Comments