For Cybersecurity Awareness Month this year, we're taking a look at the past and future of cybersecurity. Our first post in this series examines the history of the computer password.
From email to video games, nearly everything we do online needs a password to be accessed. But how exactly did that become a thing?
A history of secrecy
Passwords have been around way longer than computers and smartphones. The concept of restricting access or denying entry unless a specific phrase is provided has existed for centuries and appeared countless times in both history and literature.
Roman sentries used a system based on watchwords to grant or deny entry to an area. The phrase "open sesame" had to be uttered to open the mouth of a magical cave in "Ali Baba and the Forty Thieves". And during Prohibition, a password was required to enter speakeasies; a concept that was famously spoofed by the Marx Brothers in 1932's "Horse Feathers".
However, in terms of the computer password specifically, we can trace the origin of that directly back to one man: Fernando Corbató.
In 1961, Corbató (who sadly passed away last year) was heading a project at the Massachusetts Institute of Technology called the Compatible Time-Sharing System. CTSS marked the beginning of the idea that operating systems could work on multiple threads simultaneously, basically multitasking, and had a significant impact on how computers function today.
While working on this project, he ran into a unique problem. "The key problem was that we were setting up multiple terminals which were to be used by multiple persons but with each person having his own private set of files," he told WIRED in 2012.
Corbató's solution was simple: give each user their own password.
And the rest is history.
The first hack
Sure enough, the earliest documented case of password theft would take place not too long after the very concept of the computer password was first invented.
In 1962, Allan Scherr, a Ph.D. researcher at MIT, wanted to bump up his allotted CTSS usage time in order to run some detailed performance simulations. He only had access to the system for 4 hours, but needed more than that.
To gain that extra access, he decided to exploit a procedure that required him to submit a punched card to print out any file on the system, which allowed him to obtain a physical printout of the all the passwords stored in the system, and log in as anyone.
Luckily, Scherr was not an intruder, but a fellow researcher working on the project. He eventually confessed to what he did 25 years after the fact, and later recounted the story in a pamphlet commemorating the 50th anniversary of CTSS.
It may have been easy for Scherr to do what he did back in the 60s, but computing and cybersecurity have come a long way since then, with the introduction and development of advancements like encryption, biometrics, two-factor authentication, and of course, password managers.