1961 was a big year for humanity. John F. Kennedy was sworn in as the 35th president of the United States. Way above, astronaut Yuri Gagarin became the first human to go into outer space.
Meanwhile, computer science professor Fernando Corbato was introducing the first-ever computer password in a remote MIT basement. Some might say this news pales in comparison. However, that might not be the case. Nowadays, passwords protect corporate secrets, politicians' Twitter accounts, and Internet users worldwide.
Simultaneously, password hacking became a popular cybercrime method. Bad password management is still an ongoing issue, so it is worth looking into the history of password management to see what went wrong and what could be done better.
The History of Digital Passwords
We can divide the history of the password into two timelines: the pre-digital era and our current timeline. The emergence of passwords as we know them dates back to Ancient Rome. The Romans used them as an identity-verification tool for military purposes. This primary verification purpose remains relevant today.
Later on, specific words were used to reveal affiliation to a particular group. Medieval guild members could utter a guild-specific password so that others knew they were not the enemy. Remember the classic example of "shibboleth." Members of a particular tribe identified their enemies via this word because they had a different dialect and could not pronounce it correctly.
Let's not dwell on the past too much. Jumping straight to Professor Corbato at MIT, we have the same principle, yet a different structure. He worked with the Compatible Time-Sharing System, an OS that allowed multiple user accounts on the same system with the same core. However, there was a problem. How does the system know who is using it? The professor suggested using different passwords for each user, paving the way for modern password management.
Those passwords were made of four numbers, which is not safe. Five years later, a cunning scientist, Allan Scherr, became the first password hacker. While he was a Ph.D. candidate, his time on MIT computers was limited to four hours a day. For some time, he exploited a flaw in the system that allowed him to erase the traces of the time spent on a device. However, later on, he lost privileged system access and had to regain it.
He noticed that files could be printed out by submitting a simple system request. So he asked the system to print out a master password file. He obtained a complete list of user passwords and became the first-ever password hacker.
This otherwise funny story points out the complexity of password security. Sometimes it doesn't matter if the password is long, unique, and has a variety of characters. Another issue is how they are stored and who can access them.
For the following three decades, password management was not a huge issue. However, in the early-to-mid 90s, personal home computers started to become the norm. The Internet rapidly expanded, and by the dawn of the new millennium, people were shopping online.
Online financial transactions demanded safety, and passwords became much more relevant. Around the same time, the first password managers came into existence. Over two decades, they have secured their place alongside other cybersecurity software and implemented advanced encryption algorithms.
Right now, password managers are widely prevalent alongside the most secure cloud storage providers. Let's take a closer look at how they improved password security over the years.
Password Manager Safety
The first digital passwords were stored in plain text, which is also the least secure way to store them. Allan Scherr would have achieved nothing if his printout had consisted of password hashes.
Password managers do not store passwords in plain text. They use a technology called password hashing. It's a one-way function that scrambles the original password into an irreversible string called a password hash. The next time someone uses a password, it is once again hashed, and the hash values are compared. If they are the same, access is granted.
However, two users with the same password will generate the same hash values. Moreover, this password security method is particularly susceptible to data leaks, like RockYou2021.
Cybersecurity experts increased password hashing safety by applying salts. A salt is a random string of data stored alongside the hash. It is attached to the password before hashing, and the hash generation looks like this: password hash = hash function(salt + password). Remember that a salt can be as long as 32 characters, reducing the chances of brute forcing to a practical zero.
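The difference between the two storage schemes described above can be seen by hashing the same accounts both ways. This is an added example, not code from the original article: the account names and passwords are constructed, the helper names are hypothetical, and SHA-256 stands in for the article's generic "hash function" (real systems use a deliberately slow password hash such as hashlib.scrypt).

```python
import hashlib
import hmac
import os

def unsalted_hash(password):
    """Plain one-way hash: identical passwords always give identical output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def new_salted_record(password):
    """Return (salt, hash) following the article's hash(salt + password)."""
    salt = os.urandom(16)  # fresh random salt per user, stored next to the hash
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest

def verify(password, salt, stored):
    """Re-hash the login attempt with the stored salt and compare the hashes."""
    attempt = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(attempt, stored)  # constant-time comparison

def shared_hash_groups(table):
    """Group user names whose stored hash values are identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; alice and carol picked the same password.
ACCOUNTS = {"alice": "sunshine1", "bob": "tr0ub4dor", "carol": "sunshine1"}

def demo():
    """Build both tables and report which users each one exposes as sharing."""
    unsalted = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted = {u: new_salted_record(p) for u, p in ACCOUNTS.items()}
    salted_hashes = {u: rec[1] for u, rec in salted.items()}
    return (unsalted, salted,
            shared_hash_groups(unsalted), shared_hash_groups(salted_hashes))

if __name__ == "__main__":
    unsalted, salted, leak_unsalted, leak_salted = demo()
    print("unsalted table reveals shared passwords:", leak_unsalted)
    print("salted table reveals shared passwords:  ", leak_salted)
    salt, stored = salted["alice"]
    print("correct password accepted:", verify("sunshine1", salt, stored))
    print("wrong password rejected:  ", not verify("sunshine2", salt, stored))
```
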
There are even more complex ways to secure passwords, but that's a topic for another time.
To summarize, passwords are an essential part of human history. Whether for identity confirmation in pre-digital times or bank account safety right now, the significance of passwords is obvious. Even though computer scientists are coming up with ways to avoid passwords (for example, with multi-factor authentication), others are skeptical it will ever happen. Moreover, passwords are becoming increasingly safe and more comfortable to use, and they might be here to stay for a long while.