Elections Security: Learn it. Live it. Love it.

from: EAC Staff on Jun 21, 2011

EAC staff recently conducted a training class with election officials about security. Topics included risk management, physical security and computer security.

We spent a lot of time talking about authentication mechanisms used in the field of information security. For elections, authentication may be used for staff access to buildings and warehouses as well as computer systems. Authentication examples include handwritten signatures, employee access cards, fingerprints, DNA and digital signatures. Although this is not an exhaustive list, we recommend the following when establishing passwords:

Do not use default passwords!
Use different passwords for different accounts.
Use different passwords for different people.
Use different passwords for different elections.
No names or dictionary words. Example: JoshElection4.
Randomness is key.
At least 8 characters.

For more information, read EAC’s Election Management Guidelines chapters about system security, physical security, chain of custody procedures, acceptance testing and technology in elections. Also check out the security requirements in the next iteration of the Voluntary Voting System Guidelines. It’s a draft, but you’ll find lots of information about voting system security.

< Previous Blog Posting

Next Blog Posting >

Back to Blog List

Name:

Location:

Email:

Comments:

1500 characters left

The purpose of this blog is to share useful, innovative and practical information about voting and elections with interested parties. EAC also intends to provide this forum to host conversations with the public. EAC encourages the submission of comments from the public and hopes that interested individuals will provide submissions on a regular basis. EAC also recognizes the value of providing this forum to facilitate discussions concerning best practices, solutions, and innovative ideas in election administration.

This is a moderated blog, and EAC will exercise discretion in determining which comments it will and will not post. As a moderated blog, EAC will review all comments before posting to ensure that commenters have complied with EAC’s Blog Code of Conduct. EAC’s decision to post or not post a comment is final and may not be appealed or reconsidered.

EAC expects that participants will treat each other, as well as our agency and our employees with respect. EAC recognizes that the Internet is a 24/7 medium and comments are welcome at any time; however, we will typically review and post comments only during normal business hours.

You may only submit a comment for posting on EAC’s blog if you are older than 13 years of age. You will be asked to re-type a grouping of letters and/or numbers, which indicates that you agree to EAC’s Code of Conduct and also serves as an affirmation that you are older than 13 years of age. Your comment will not be transmitted to EAC for review and posting unless and until you successfully re-type the grouping of letters and/or numbers provided on your comment submission form. Read the full policy.

We look forward to reviewing your comments!

Please input the text and numbers that you see above into the following box in order to post your comment.