NEW: Colorado Secretary Of State Under Fire After Posting Passwords For Voting Machines

On Tuesday, an online spreadsheet inadvertently was posted by the Colorado Secretary of State’s Office. The spreadsheet contained a tab with BIOS passwords critical to the security setup of the state’s voting machines.

The discovery was announced in an email from Hope Scheppelman, Vice Chair of the Colorado Republican Party, which explained that the passwords were found by an unnamed individual who accessed the spreadsheet and used the “unhide” function in Excel. The person’s identity was concealed in the affidavit circulated by the party.

BIOS passwords are integral to configuring the security settings of voting systems, raising significant concerns about election security safeguards. A spokesperson for the Colorado Secretary of State’s Office told 9NEWS, “The Department is working to remedy this situation where necessary.”

“The Department took immediate action as soon as it was aware of this and informed the Cybersecurity and Infrastructure Security Agency (CISA), which closely monitors and protects the county’s essential security infrastructure,” a spokesperson for the Colorado Secretary of State’s Office claimed. “There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties. Passwords can only be used with physical in-person access to a voting system.”

WATCH:

BIOS passwords are a security measure used to protect the settings of a computer’s BIOS, which initializes and tests hardware at startup. For voting machines, these passwords help prevent unauthorized changes to the machine’s configurations, ensuring their integrity and security. Alongside BIOS passwords, voting machines often feature additional security measures such as multiple passwords for different access levels and physical security to safeguard the voting process.

Speaking to 9NEWS on Tuesday, Colorado’s Democratic Secretary of State Jena Griswold said, “To be very clear, we do not see this as a full security threat to the state. This is not a security threat. There are two passwords to get into any voting component, along with physical access. We have layers of security, and out of just an abundance of caution, have staff in the field changing passwords, looking at access logs and looking at the entire situation and continuing our investigation.” Griswold revealed that the spreadsheet with the partial passwords had been accessible on the office’s website for several months before the mistake was discovered.

Matt Crane, a former Republican Arapahoe County Clerk and current executive director of the Colorado Clerks Association, acknowledged the concerns over the online availability of partial passwords, albeit in a hidden format. “The truth is, is this a concern? Yes. Is it being mitigated? Yes. Does this mean that all of the computers are connected to the internet and that votes are being flipped? No.”

“I want to stress here, this isn’t our Republicans, but you will have some Republicans who will use this for political and financial purposes. Whereas we as clerks, we will stay in the truth in honoring our oath of office to serve our constituents in a truthful and honest manner,” explained Crane.

Griswold addressed why county clerks were not immediately informed about the passwords, arguing that it did not amount to withholding information. “We did not decide not to disclose something to county clerks. We were actively investigating along with federal partners,” Griswold claimed. “We want to try to take as measured of approaches to situations as possible and gather good information. So, along those lines, we are still in an active investigation.”

(REVEALED: The Dow Jones “Secret” That Should Have Everyone Worried)