Even though Microsoft is actively promoting the concept of a “passwordless future” for many years. Here is brief history of passwords. it is much more challenging to believe in the fantastic new world. Could there be something more unshakable and permanent than checking “friend or foe” using a code word? We figure out how passwords appeared, spread and why IT corporations are planning to abandon them.
Life and death password history of passwords
At least Code phrases in the form we automate to use 200 years. Before the birth of Christ, already in ancient Rome. Those wishing to enter the cities’ territory demanded a specific phrase, which the sentries received on a wooden plate. Even then, what is funny, a kind of analogue ancient Roman blockchain was- during the transfer of the tablet. It was always known which group of people it is right now, and if. It will not return for regular “verification” at the right time. this group of people would be in serious trouble.
The next logical and authentic step in the evolution of analogue history of passwordswas end-to-end encryption. In many military operations (for example, the Battle of Normandy). Knowing the password and the answer became a crucial part of communication. that changed as often as possible. It was practically comparing emoji in secret Telegram chats.
First digital password and first leaks
The operating system introducing password login was the Compatible Time-Sharing System (CTSS), developed at MIT. One of the main tasks in its creation was the distribution of the most valuable resource. The time during which people could work with the system. After entering the password a person could work for four hours. During which it was necessary to have time to complete a maximum of tasks.
When entering the password, there was even an analogue of modern “asterisks”. If possible, the system turns off the printing mechanism for greater privacy during input.
Fernando Corbato
Of course, the name of the “father” of the concept is also everyone knows. This is Fernando Corbato, leader of the team that created CTSS. It’s funny that, although the goal was to ensure information security not provides. The secure storage of the passwords themselves was. The reason is simple. the computer systems of that time did not have many resources. and it was wasteful to spend them on solving this problem. “Nobody wanted to devote too many machine resources to authentication tasks,” Corbato recalled. Of course, with such initial ones, the first security incidents could not fail.
They happened in the early 1960s. One of the employees found that the password master file was issuing with the appropriate command like history of passwords. A simple and obvious way to bypass protection. The first documented case of one hundred per cent compromise of the user base of one “service”.
And in 1966, someone confused the OS welcome message and the master file with passwords. That is, anyone who login into the system had access to all employee data. According to Corbato’s recollections, there were even people who took advantage of this. Nothing criminal: just for the sake of a joke, employees entered colleagues’ files and left various messages there. Such is the trolling on massive computers of the 1960s. The ability to store passwords in Unix operating systems in hashed form appeared only in the 1970s.
We review the most interesting and debatable topics from the IT world on Habré. If you want to keep abreast of news, traditionally included in the top read, subscribe to our blog.
Back to basics history of passwords
The next stage of evolution is the managers for all services pasword. They helped popularize the opinion. that writing down the master password on paper and putting it. it in a safe place that is the best thing to do here. There are only two arguments in favour of this, but they sound very logical.
- If you store your password in a truly secure place, it is implausible that someone will break the laws of your country to steal it.
- You will surely make your master password long and unique so that you don’t forget it for sure. It’s hard to be light on your safety. That is why there is a high risk of failing it one day. And in this case, recovering all passwords (of course, also complex and unique) for all. Its services will become a severe problem.
Thus, its loops out the history of passwords beautifully. Starting with wooden tablets in ancient Rome, they ended up with pieces of paper in safe places.
Password as evil
Interestingly, in 2014, Corbato described his password system as a “nightmare.” According to him, at the time of creation. they could not foresee the emergence of the Internet. in its present form. In his opinion, the situation is obvious.No one can memorize many different complex words for all the necessary services, so one of two things happens in the real world. Either people use memory crutches. which seriously diminish the effectiveness of the concept. or they use managers that Corbato also does not consider reliable.
sufficient to protect
“Passwords do not provide a super-high level of security, but they are sufficient to protect against accidental snooping”. So Corbato assessed the reliability of the system as such at the end of life. Tellingly, Bill Gates predicted the “quick” death of passwords. (for the same reasons) back in 2004, but they are still with us.
According to Corbato himself, he had about 150 passwords from various services, and he used various tricks to remember them. He died at the age of 93 in July 2019.
The history of passwords ends at this point, and they may be reborn into something more reliable and exciting. Of course, getting rid of passwords is not a quick process. but if the idea takes root in a few years, we will feel the results of the changes. I wish they were positive.
