The History of Passwords


If we’re only talking about passwords in general, regardless of the medium in which they are used, we can safely assume that safe passwords have been around even before recorded history, right around the time when men have started doing organized lookouts. However, in the context of computers, the first system that had a login command and requested a password was introduced in 1961 in the Massachusetts Institute of Technology. This early type of time-sharing computer turns off the printing mechanism after typing PASSWORD so that an individual may type his password discreetly. 

It is surprising to know that even with all the advances in secret key and public key cryptosystems, strong password authentication still remains a problem today. As negative as it may sound, the history of passwords itself is full of weak and easily compromised systems and even more surprising is the fact that most of them are still being used today.

Usually, authentication systems are considered weak if they directly leak the inputted password over the network or they give away enough information while doing their authentication, which allows malicious individuals to intercept the information and use it to guess the string that makes up the password.

One of the weakest and oldest methods of authentication is by storing clear text passwords in some sort of database on the same server. While authenticating, the password is sent by the client directly to the server, which the server compares with the data stored in the database. The problem with this is that the passwords are directly sent as it is, and if a person manages to intercept it, he will have gotten the exact password that he needs to compromise the account.

An improvement over clear text passwords was later made, and the improvement is that passwords sent to the server are now run through a 1-way hash function, which helps by converting the string into a random-looking sequence of bytes. This offers an improvement over clear text passwords, which is the reason why it is still being used today, primarily by UNIX systems. The only problem with hashed passwords is that they still transmit the passwords directly to the server, which an individual can intercept. If the individual is able to decipher the information, then he or she will have succeeded in compromising the account.

A further improvement on password security gave birth to Challenge-Response passwords. Currently, this is the best example of a strong password system for direct authentication systems. The way it works is that the server sends the user a type of challenge, like a bunch of random strings, which the user would then compute and respond to. The major effect of this is that even if a malicious individual manages to intercept both the user and server side streams of the challenge response system, it will not help him gain access in the future since the strings are random and future sessions will require different responses. 

At the end of the day, the improvements in encryption and password security still means little if the owner of the account himself is irresponsible or is unable to create safe passwords. One of the most common ways that people get other passwords is through brute force hacking, which only works if you don’t have a strong password. For people having trouble coming up with one, it is best to use a good online password generator.