Voting system passwords were mistakenly put on the Colorado Secretary of State's public-facing website before being spotted and taken down, but the lapse did not pose an immediate threat to the upcoming election, said state election officials Tuesday.
The passwords were one of two unique passwords needed to access Colorado's voting systems, and are just one part of a layered security system, said Jack Todd, spokesperson for the the Secretary of State's office, in a statement.
Colorado’s top elections official, Democratic Secretary of State Jena Griswold, frequently calls Colorado the gold standard for election security. However, she has been criticized by the chairman of the Colorado Republican Party amid heightened scrutiny over election systems in the United States.
Election officials learned last week that the spreadsheet, which held the passwords in a hidden tab, was available online, just days out from the Nov. 5 election.
Once the lapse was discovered, Todd said, the department took immediate action, informed the Cybersecurity and Infrastructure Security Agency, and is working to remedy the situation where necessary.
The executive director of the Colorado Clerks Association, Matt Crane, told 9News that while the lapse was concerning, the association is satisfied with the Colorado Secretary of State's response.
“The truth is, is this a concern? Yes,” Crane said. “Is it being mitigated? Yes.”
The passwords can only be used in-person to access the voting systems, and Colorado law requires that the equipment is surveilled and stored in secure rooms access to which is tracked and logged.
Earlier this month, a Colorado county clerk, Tina Peters, was sentenced to nine years behind bars for a data-breach scheme based in false claims about voting machine fraud in the 2020 presidential race. Peters was found guilty by a jury of allowing a man to misuse a security card to access a county election system and for being deceptive about that person’s identity.