At least twice, Sean Spicer has accidentally tweeted the password to his official White House spokesman Twitter account

Day six! It's also a pretty shitty password. Let's hope he's got 2-factor auth turned on! Also, Trump's still using his insecure personal Android device.

Anyone wanna take a guess at what "aqenbpuu" is an acronym for?

With any luck, @PressSec has two-factor authentication and President Trump's use of his Android phone is limited to Twitter posts (though a staffer still occasionally posts for him from an iPhone). Unfortunately, it does not appear that the new Trump @POTUS account is thus secured—as recently as last night, the account was only tied to the Gmail account of Trump's social media chief Dan Scavino (dscavino@gmail.com) for password reset links. The same goes for Spicer's @PressSec handle. The account for Vice President Michael Pence was separately tied to vicepresident2017@gmail.com, according to the hacker known as WauchulaGhost. (WauchulaGhost has previously claimed responsibility for taking over a number of ISIS accounts, and he told CNN about Pence's situation on January 24.)

Get ready for the next White House e-mail (and Twitter) scandal
[Sean Gallagher/Ars Technica]