GATEKEEPER BLOG

History of the Password

The Evolution of the Password

Every few months, banks, our company’s IT department, email clients and certain apps remind us to change our passwords. And when we do, some systems even assess the level of difficulty of our new passwords, telling us if our new password is weak or strong. We’re also told that we’re not allowed to reuse a previous password when we’re too lazy to come up with a new one.

But how, exactly, did the password come into being? Is it a product of modernization or technology? What’s the history of the password?

Historical roots

The password traces its origins to the ancient Roman military watchword used to differentiate allies from enemies, as chronicled by Hellenistic historian Polybius. Roman soldiers inscribed the watchword on tablets and passed them systematically from maniple to maniple until the tablets returned to the military tribune who had issued them. The password has a long and storied history.

Later, during the Second World War in the Battle of Normandy, U.S. 101st Airborne Division paratroopers used a challenge (“flash”) that required a password response (“thunder”), followed by a countersign (“Welcome”) with which the responder challenged the person who had started the exchange. This is portrayed in the movie Saving Private Ryan. These passwords were changed every three days for security purposes. It was not a password you wanted to get wrong, as the result would be a barrage of .30-06 bullets fired your way. This is an example of challenge-response authentication.

Another version of the password used by American paratroopers on D-Day was the metallic click and the response comprising two clicks using a device they called a “cricket.”

Fernando Corbató and the modern password

The introduction of the modern computer password is usually attributed to Fernando Corbató – a brilliant American computer scientist known for pioneering the development of time-sharing operating systems.

The initial time-sharing system Corbató was involved in was the Massachusetts Institute of Technology (MIT) Compatible Time-Sharing System (CTSS), whose early version was released in 1961. All researchers had access to the system, but the problem was that they were using a common mainframe and only one disk file. So, to ensure each researcher’s individual file remained private, users had to create their own password to access their files during their allotted four hours every week.

Back then, Corbató considered the password a rudimentary security method. However, its utter simplicity paved the way for its popular adoption. So the password eventually became the long-term solution for maintaining computer security. It’s simple, it’s cost-effective, requires virtually no training, and can be propagated with ease.

Further developments

In general, the use of passwords remained limited to tech researchers like Corbató and other people on his team studying how powerful computers were. This means that cybercrimes such as the ones we experience today were totally unknown at the time.

However, things changed when Internet use exploded in the 1990s. Plenty of sensitive data was being stored in systems and online. Value moved online, and crime followed. Therefore, passwords also had to be more secure to protect sensitive data from being stolen and misused.

To achieve that goal, computer scientists turned to cryptology, and terms like “hashing” (developed by a cryptographer named Robert Morris Sr.) and “salting” were introduced as methods of making it more difficult to guess passwords.

Why? Because hacking happens every day to a lot of big companies, including Google, eBay, LinkedIn, Yahoo, Microsoft, LastPass, and Facebook. They have had their systems and/or databases breached through the years, compromising data (including passwords) collected from private individuals and even corporate clients. Just recently, in June 2021, the so-called “RockYou2021” attack resulted in 3.2 billion leaked passwords from multiple databases.
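To make the “hashing” and “salting” mentioned above concrete, here is an added example (not code from this blog or from GateKeeper) that stores the same password for two users with and without a salt. It assumes PBKDF2-HMAC-SHA256 as the slow hash and an iteration count chosen for illustration; the function names and sample passwords are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """Weak storage: a bare, fast digest with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow storage: returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def demo() -> dict:
    # Constructed sample data: two users who happen to pick the same password.
    alice_pw = bob_pw = "correct horse battery staple"
    alice_salt, alice_key = hash_password(alice_pw)
    bob_salt, bob_key = hash_password(bob_pw)
    return {
        # Without a salt, equal passwords give equal digests, so a leaked
        # table reveals which accounts share a password.
        "unsalted_equal": unsalted_hash(alice_pw) == unsalted_hash(bob_pw),
        # With per-user salts, the stored values differ.
        "salted_equal": alice_key == bob_key,
        "good_login": verify_password(alice_pw, alice_salt, alice_key),
        "bad_login": verify_password("not the password", alice_salt, alice_key),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the derived key; it does not need to be secret, only unique per password.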

Password best practices

If you think your password or account has been compromised, take measures to protect your data online:

  • Improve password strength on all accounts.
  • Use a totally different password for every account – do not reuse passwords.
  • Adopt two-factor authentication before it’s too late.
  • Use passphrases, not simple passwords that hackers can crack (guess).
  • Use a password manager to better manage your corporate passwords.

And while passwords may not be the ultimate solution for online security, they’re not going away fast enough. So, create strong passwords so that you’re protected to a certain degree. But more importantly, use a password manager. This way, the IT admin can directly create and enforce strong passwords, without the end user’s involvement.
