A short history of passwords

The Not So Secret History of Passwords

The password dates back to the earliest days of shared computer systems, all the way back to the 1960’s.

The MIT shared computer system circa 1960’s

Here’s a quick timeline of what happened with passwords:

1961: Massachusetts Institute of Technology (MIT) creates the computer password so that multiple people can use a shared computer system. Each user needed an individual password to access the system, and usage time was tracked. All of the passwords were stored in the system.

1962: Researcher Allan Scheer used the time share computer system at MIT for his research, but he could only use the system for four hours a week. So he found a way to print out the password list, and he was able to “hack” in as other users to get around the time limit.

So the very next year after the computer password was invented, hacking had already started!

1970s: Cryptographer Robert Morris develops “hashing”: this system translates a password into a numerical value, and the password isn’t stored physically on the computer.

Today: Modern computer systems often use an updated form of hashing that’s referred to as “salting.” This method seeks to further obscure passwords from those who might be trying to figure out what they are.

However, despite all the time that has gone by and all the advances in computer systems, password-based systems to this day remain a security standard. And they remain vulnerable.

This is largely because the passwords people use are overly simple (users tend to make them short and easy to remember) and because many systems allow a user to guess multiple times and/or enable password hints or even “forgot my password” reset options.

If you’ve seen the movie Who Framed Roger Rabbit?, maybe you remember Jessica Rabbit’s famous line…

“I’m not bad, I’m just drawn that way.”

Well, passwords are similar in this regard. They aren’t inherently bad, they’re just used in a bad way.