Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection The Resource Center | article

Voting Machines Fail When It Comes to Password Security — But You Don’t Have To

The passwords used to protect election machines in Virginia carry a lesson for us all about password security.

The passwords used to protect election machines in Virginia carry a lesson for us all about password security.

In a recent study the Virginia Information Technology Agency and outside contractor Pro V&V found that AVS WINVote machines, used in three presidential elections in Virginia, failed to meet simple security standards.

In a report called “Security Assessment of WINVote Voting Equipment for Department of Elections,” the Virginia Information Technology Agency “determined that the combination of weak security controls used by the devices would not be able to prevent a malicious third party from modifying the votes recorded by the WINVote devices. The primary contributor to these findings is a combination of weak security controls used by the devices: namely, the use of encryption protocols that are not secure, weak passwords, and insufficient system hardening.”

According to the Guardian, research groups have been pushing for formal inquiries by the state of Virginia into voting machines for close to a decade, and for good reason, it appears. The report found that the machines were so vulnerable that anyone could modify a vote due to a poor password protecting the wireless system on the machines — that password was “ABCDE.”

While changing votes may not be a form of identity theft, it is an incredibly serious issue. The fact that a simple, easily-guessed password was the only thing standing between a hacker and the election votes tells us how important it is to use best practices to create our own passwords.

Here are some tips for choosing your password that can help protect your identity and sensitive information:

  • Think outside the box: Avoid passwords that someone could easily guess. This means someone you know and someone who has spent time collecting information about you. Birthdates, names of pets, the name of a friend, your own name — all of these are not just easy to guess, they also contain information that a criminal could find without too much trouble. Hackers will start an attack by considering the most obvious options, so think outside the box for your password.
  • Think pass “phrase”: Instead of picking one or two words and adding numbers and characters for security, choose long phrases that aren’t likely to appear in the dictionary. Not only are phrases easier to remember, the length tends to make them more difficult to crack.
  • Be random: Human beings and hacking programs tend to think in patterns. Algorithms have been created to exploit almost any pattern a person can think of. This means that if you use a phrase that makes linguistic sense — such as “ilovemydog” — it will be easier to crack. Joseph Bonneau, a postdoctoral cryptography researcher at Stanford University who has published papers in academic journals on optimizing password security, says that phrases should be put together using random words, such as “potato lampshade bike run.” On its own this phrase makes no sense and offers a high level of security.
  • Different password on every site: Once you have a relatively secure password it can be tempting to just use it everywhere, but all this does is decrease the strength of the password. It might take a hacker six months to crack your great password on one site, but then they immediately have your password for everything else too. Use different passwords on every website, particularly for online banking or credit card accounts.

When you have selected a number of passwords make sure you do what you can to keep your passwords safe. This means not writing then down where anyone can access them or sharing them with other people.

01