The History of Passwords, and How We’re Making Passwords History

A Brief History of Passwords

The first computer password was developed in 1961 at the Massachusetts Institute of Technology for use with the Compatible Time-Sharing System (CTSS), which is essentially the grandfather to the basic computing functions we use today. Also in 1961? The first known password related breach, which occurred when a researcher printed out passwords and gave them to other users.

These first passwords were simple and easily stored, since sophisticated hacking networks and password-cracking programs did not yet exist. But the system was also easily duped, as we saw in the late 1970s when the first real hackers started to appear, hacking into phones for fun or to make long distance phone calls for free.

 

The Watershed Decade in the History of Hacking

In response to this, in 1979, the National Bureau of Standards created the Data Encryption Standard (DES), which remained the standard for 20 years before being replaced with more efficient and stronger algorithms.

The infamous Morris Worm came along in the 1980’s and was spread by exploiting vulnerabilities in UNIX send mail, finger, and rsh/rexec as well as by guessing weak passwords. The worm impacted thousands of computers in 1988 and showed that hacking was no longer fun and games - there were sophisticated people out there who knew there was something to be gained by achieving access to secure computer systems.

This led to the birth of multifactor authentication and was soon followed by a new standard in 1997, the Advanced Encryption Standard, which was created by two scientists and submitted as a proposal to the U.S. National Institute of Standards and Technology (NIST) and was soon after broadly adopted.

 

Passwords Start to Retreat

Fast forward to 2020 and authentication has come a long way -- but criminals are never far behind. Passwords are still the norm, but not for long because even the strongest passwords aren’t strong enough—especially as mobile, the IoT, social media and other technologies expand attack surfaces. MobileIron, alongside organizations like the FIDO Alliance and the World Wide Web Consortium (WC3), are committed to getting rid of passwords entirely.

Decades of breaches showcase that companies across the globe have one thing in common - they all do a terrible job of securing passwords. From weak passwords to repeat passwords, they’re all the result of a badly designed system. The solution to this bad system? New technologies that eliminate the need for a password.

This World Password Day, treat yourself by upgrading to a new suite of authentication products that allow IT managers to abolish the password through “zero sign-on” access. This solution relies on security features in modern hardware coupled with other signals to make a no-password login as secure as one with a password.

For more information on MobileIron Zero-Sign On Authentication visit: https://www.mobileiron.com/en/products/access

Brian Foster

Senior Vice President of Product Management

About the author

As SVP of Product Management, Brian is responsible for overseeing product direction and innovation. Brian brings more than 25 years of experience to his role. Prior to MobileIron, Brian founded a startup in the identity management space. Before that, he was SVP of information services at Neustar, the leader in identity resolution. At Neustar, Brian’s teams were responsible for solutions in marketing services, risk and fraud, registries, and security services. He also oversaw the product development and go-to-market operations. Prior to that, Brian was CTO at Damballa, a private company that discovered advanced threats running in enterprises and large internet service providers. As CTO, Brian was responsible for the advanced research, product strategy, and engineering operations.

Before Damballa, Brian was SVP of product management at McAfee. He oversaw McAfee's global product management functions and was responsible for over 80  enterprise and consumer products, generating more than $2B in revenue. Prior to joining McAfee, Brian was VP of product management at Symantec, where he oversaw product innovation for the enterprise endpoint. Brian has a BA in Economics from UCLA and completed the executive program in management from UCLA’s Anderson School of Management.