Unisyn voting machine manual instructs election officials to use and recycle weak passwords

No one knows who wrote this Unisyn optical vote-counting machine manual that has appeared in multiple sites served by the California-based vendor, but only because Unisyn won't comment on whether they wrote it.

The manual instructs voting officials to circumvent federal voting guidelines by using weak passwords for voting machines, and then by cycling back and forth between passwords when the federally mandated password-change prompts come up. It also instructs them to create new passwords by incrementing a final digit (e.g. password1, password2, password3) or to use "unisyn" as the password.

Unisyn machines are used in 3,629 precincts in 12 states, plus Puerto Rico.

The manual indicates that the username to log into the election-management system is "administrator,” and the sysadmin password is a simple string of five letters with a number appended to it. The root password is the company's name with the same number appended to it.

Once logged into the system the credentials needed to access the tabulation monitor or the system for creating reports of ballots and vote tallies are different. The username is again a simple word to log in. The password is the same word with "1" appended to it. Users are told that to change the password when prompted, they should simply change the number sequentially to 2, 3, 4, etc.

The username for logging into the critical tabulator client where votes are tallied and stored is "supervisor.” According to the manual, the password is "election specific"—meaning officials create a different password for the tabulator client for each election. Given how simple other passwords for the system are, it's not likely this election-specific password is more sophisticated, however.

Voting Machine Manual Instructed Election Officials to Use Weak Passwords [Kim Zetter/Motherboard]