The History of Passwords, and How We’re Making Passwords History
A Brief History of Passwords
The first computer password was developed in 1961 at the Massachusetts Institute of Technology for use with the Compatible Time-Sharing System (CTSS), which is essentially the grandfather to the basic computing functions we use today. Also in 1961? The first known password related breach, which occurred when a researcher printed out passwords and gave them to other users.
These first passwords were simple and easily stored, since sophisticated hacking networks and password-cracking programs did not yet exist. But the system was also easily duped, as we saw in the late 1970s when the first real hackers started to appear, hacking into phones for fun or to make long distance phone calls for free.
The Watershed Decade in the History of Hacking
In response to this, in 1979, the National Bureau of Standards created the Data Encryption Standard (DES), which remained the standard for 20 years before being replaced with more efficient and stronger algorithms.
The infamous Morris Worm came along in the 1980’s and was spread by exploiting vulnerabilities in UNIX send mail, finger, and rsh/rexec as well as by guessing weak passwords. The worm impacted thousands of computers in 1988 and showed that hacking was no longer fun and games - there were sophisticated people out there who knew there was something to be gained by achieving access to secure computer systems.
This led to the birth of multifactor authentication and was soon followed by a new standard in 1997, the Advanced Encryption Standard, which was created by two scientists and submitted as a proposal to the U.S. National Institute of Standards and Technology (NIST) and was soon after broadly adopted.
Passwords Start to Retreat
Fast forward to 2020 and authentication has come a long way -- but criminals are never far behind. Passwords are still the norm, but not for long because even the strongest passwords aren’t strong enough—especially as mobile, the IoT, social media and other technologies expand attack surfaces. MobileIron, alongside organizations like the FIDO Alliance and the World Wide Web Consortium (WC3), are committed to getting rid of passwords entirely.
Decades of breaches showcase that companies across the globe have one thing in common - they all do a terrible job of securing passwords. From weak passwords to repeat passwords, they’re all the result of a badly designed system. The solution to this bad system? New technologies that eliminate the need for a password.
This World Password Day, treat yourself by upgrading to a new suite of authentication products that allow IT managers to abolish the password through “zero sign-on” access. This solution relies on security features in modern hardware coupled with other signals to make a no-password login as secure as one with a password.
For more information on MobileIron Zero-Sign On Authentication visit: https://www.mobileiron.com/en/products/access