A Brief History of the Password & Why It Matters

jmacinnis's picture

“Success in creating AI would be the biggest event in human history. Unfortunately, it might also be the last, unless we learn how to avoid the risks.”

– Steven Hawking

Passwords are the bane of our existence. Users find them inconvenient, and IT finds them inefficient. Worst of all, they are no longer very good at protecting accounts and data. However, we all still use them. How did we get to where we are?

A Brief History of Passwords

MIT was a hotbed of computer activity in the early days. In 1961, MIT was designing computers for multiple users. It was around this time that innovators at MIT, Bell Labs and Unix (then Unics) started thinking about the value of being able to have systems verify that users are who they say they are, which led to the birth of authentication. Also in 1961, the first known breach occurred when a researcher printed out passwords and gave them to other users. And then, in 1962, a software bug infected the system’s master password profile, making everyone’s passwords available to anyone who logged in. At this early stage in password history, hackers were more interested in exploring and testing computer systems than in criminal activity.

Authentication Takes a Leap Forward

By the late 1970s, the first real hackers started to appear. Some were “pranking,” while “phreakers” were making free long-distance calls by hacking into phone systems. In 1979, with great foresight, the National Bureau of Standards created the Data Encryption Standard (DES), which remained the standard for 20 years before being replaced with more efficient and stronger algorithms.

In the 1980s, more and more desktop computers made their way into offices and homes. The infamous Morris Worm came around in 1988, infecting 6,000 networked computers; hacking was no longer fun and games. Also in the 1980s, the first instances of multifactor authentication (MFA) tokens appeared, mostly for use in nascent remote access VPNs.

In 1997, the Advanced Encryption Standard (AES) was created by two Belgian scientists who submitted a proposal to the U.S. National Institute of Standards and Technology (NIST). AES was adopted and is still used today. Around this same time, CAPTCHA was created. In 2013, it was updated to a version that determined the user’s humanity through clicking style. It has more recently been updated to Invisible CAPTCHA, which utilizes browsing behavior to determine humanity.

Passwords Start to Retreat

Authentication has come a long way, but criminals are never far behind. Passwords are still the norm, but perhaps not for long. Why? Even strong passwords aren’t strong enough—especially as mobile, the IoT, social media and other technologies expand attack surfaces. Another reason is that consumers, now used to conveniences like TouchID, demand better digital experiences. And of course, businesses want to escape the inefficiencies and damages caused by data theft. Several organizations, such as The FIDO Alliance and the World Wide Web Consortium (WC3), are committed to getting rid of passwords entirely.

What’s in Store for Authentication?

Some say we’re currently in the throes of an authentication revolution. Some noteworthy trends include:

  • New Technologies: Multi-factor authentication (2FA and 3FA), biometrics, contextual authentication, behavioral authentication and AI are all in play.
  • Factor Proliferation: A broad mix of authentication factors are available—what you know (password, secret question), what you have (token, smartcard), what you are (fingerprints, eyes, faces) and even how you act. Location, time, and velocity are other factors. With AI and machine learning, it’s possible to authenticate users based on behaviors (keystrokes, walking), with the system adapting to how behaviors change over time.

Ditching Passwords

Cutting-edge companies are ditching passwords and embracing new technologies to reduce security risks and stay competitive. With hackers always seemingly a beat ahead, next-level authentication is a must. HID provides a comprehensive platform to deliver strong authentication. Explore ActivOne.

Get the latest blogs on identity and access management delivered straight to your inbox

John MacInnis is a Product Marketing Manager for Identity & Access Management Solutions (IAMS). He has a background in cybersecurity and has held product marketing, product management and technical marketing positions at Philips Healthcare, Cisco, Intel and Phoenix Technologies.