For all of Donald Trump’s extended hand-wringing over Hillary Clinton’s emails, his concerns about her conduct appear to have merely been campaign rhetoric. Though Trump came down harshly and repeatedly on Clinton’s use of a private email server while secretary of state, he’s since remained silent about the lapses he and some of staff have had in cybersecurity.

Thursday morning, White House press secretary Sean Spicer tweeted a bizarre string of eight numbers and letters before deleting them shortly thereafter. Some on Twitter guessed that he may have accidentally broadcast his Twitter password.

You should probably not post your password dude. And you should probably change it now https://t.co/1w5A3wojBK pic.twitter.com/x0M29YH2CL — Yashar (@yashar) January 26, 2017

This wasn’t Spicer’s first cryptic tweet since assuming the role of press secretary. The day before, he published a different unintelligible mix of letters, which he promptly deleted.

In the midst of Spicer’s tweeting, a New York Times article was published Thursday that detailed possible security risks President Trump himself could pose because of his continued use of an old, unsecured Android phone. (Trump uses it for, among other things, tweeting.) As the New York Times’s Cecilia Kang explains,

Twitter requires a connection to the internet, which exposes the device to security vulnerabilities if proper measures like two-factor authentication — a password and a code texted to a phone, for example — are not in place. If he uses the smartphone on an unsecure Wi-Fi network, he could be exposing his location and other personal information on the device.

Then, seemingly confirming the security vulnerabilities related to Trump’s Twitter habit, it was revealed that Trump’s account is tied to the private Gmail address of Dan Scavino, Trump’s head of social media. The recovery screen below, if authentic, indicates that Trump had not set up two-factor verification for his account, a simple procedure that helps users limit who is able to log in to their accounts and also whether personal information is shown if a password needs to be recovered.

Trump’s own fixation on hacking predates his presidential campaign and, like much of his discourse, is evidenced on Twitter. While many remember when Trump urged Russia to hack Clinton’s emails in July 2016 during a news conference, it’s worth noting that he also called for a hack of President Obama’s college records back in September 2014.

Attention all hackers: You are hacking everything else so please hack Obama's college records (destroyed?) and check "place of birth" — Donald J. Trump (@realDonaldTrump) September 6, 2014

In 2015, he criticized the federal government after Chinese hackers stole Social Security numbers of federal employees.

China just hacked our federal government & stole gov. workers’ information. Why do our leaders let China get away with this?! No respect. — Donald J. Trump (@realDonaldTrump) June 5, 2015

And in 2016, he actually doubled down on his controversial invitation for Russia to hack Clinton, tweeting:

If Russia or any other country or person has Hillary Clinton's 33,000 illegally deleted emails, perhaps they should share them with the FBI! — Donald J. Trump (@realDonaldTrump) July 27, 2016

After his election, Trump criticized the Democratic National Committee for allowing itself to be hacked, arguing that the Republican National Committee was not hacked because it had better security. In fact, FBI Director James Comey told lawmakers that Russian hackers did execute a “limited penetration” of older RNC systems “no longer in use.”

Gross negligence by the Democratic National Committee allowed hacking to take place.The Republican National Committee had strong defense! — Donald J. Trump (@realDonaldTrump) January 7, 2017

Then earlier this month, ignoring evidence from US intelligence agencies that Russia was definitively behind the hacks, Trump tweeted:

Intelligence stated very strongly there was absolutely no evidence that hacking affected the election results. Voting machines not touched! — Donald J. Trump (@realDonaldTrump) January 7, 2017

At a news conference days later, Trump finally acknowledged that Russia was involved in election hacking, saying, “As far as hacking, I think it was Russia. Hacking’s bad, and it shouldn’t be done.” Still, he praised the results of Russia’s efforts. “But look at the things that were hacked, look at what was learned from that hacking,” he said, likely referring to Clinton campaign chair John Podesta’s emails.

Most recently, Trump called the dossier of unverified claims about Russia’s supposed information about him “FAKE NEWS,” and promised to release a “full report” on Russian hacking of the election within 90 days.

Totally made up facts by sleazebag political operatives, both Democrats and Republicans - FAKE NEWS! Russia says nothing exists. Probably... — Donald J. Trump (@realDonaldTrump) January 13, 2017

released by "Intelligence" even knowing there is no proof, and never will be. My people will have a full report on hacking within 90 days! — Donald J. Trump (@realDonaldTrump) January 13, 2017

One would hope Trump is less keen on inviting foreign governments to hack federal agencies now that he holds the keys to the White House. Regardless, his entire administration should look into two-step verification for all of their accounts ASAP, at the very least.