Not surprising
As horrific as this is, it doesn't surprise me.
Politicians are are still people. And for years the general accepted rules for password management have encouraged ridiculous policies that virtually guaranteed that these kinds of issues would occur.
Even the original author (sorry forgot his name now...) has gone so far as to apologize for his original recommendations because they've done overwhelmingly more harm than good.
What this story tells me is that their IT policies desperately need an update. Preferably one that doesn't require people to change their passwords every 30 days, and focus on longer but more easily typeable and memorable passwords.