Who invented computer passwords


Something akin to passwords seems to have been in use at least since people started to write history. For example, one of the first mentions of what may be called a “password” is contained in the “Book of Judges of Israel”, which was written around the 6th or 7th century BC. In particular, the 12th chapter says: “And the Gileadites seized the crossing over Jordan from Ephraim, and when some of the surviving Ephraimites said, ‘Let me cross,’ then the inhabitants of Gilead said to him: Are you not Ephraimite? He said no. They said to him ‘say: shibboleth,’ and he said: ‘sibboleth’, and could not speak out otherwise. Then they took him, and killed him at the ferry across the Jordan.”

Roman legionnaires were known to use a simple phrase system to determine if a stranger was a friend or an enemy. The Greek historian Polybius, who lived in the second century BC, describes in detail such a system of passwords: “... from the tenth maniple of each class of infantry and cavalry, maniples, which is located at the very end of the street, a person is chosen who is exempt from guard duty; and every day at sunset he goes to the tent of the tribune and receives a password from him and a wooden sign with the word, after that he leaves and on returning to his unit he gives the password and the sign to the next manipulator in front of the witnesses, which in turn sends them further. So they do it until the turn comes to the first maniples, those that are located at the tents of the stands. The latter are required to deliver a sign to the stands before dark. If the sign returns to the podium, this means that all the maniples know the password. If any of them is omitted, the tribune immediately makes a request; from the marks on the table, he sees which unit did not transfer the password, which means that he should suffer a well-deserved punishment.”

The Roman historian Suetonius writes that Caesar used a simple cipher that required the recipient to know the key necessary to decrypt the message.

As for more modern times, the first known password system on an electronic computer was implemented by Fernando Corbato, a computer science professor at the Massachusetts Institute of Technology (MIT). In 1961, MIT developed a huge computer called the Compatible Time-Sharing System (CTSS). During a 2012 interview, Corbato said: “The key issue with CTSS was that we installed several terminals that were used by different people, with each person having their own personal set of files. Entering an individual password as an access lock seemed like a very simple solution.”

Before proceeding, it is worth saying that Corbato does not believe that he was the first to introduce a system of computer passwords. He suggests that the Semi-Automatic Business Research Environment (SABRE) system, created by IBM in 1960, probably used passwords. However, when IBM representatives were asked about this, they were unsure whether the system initially had such a security feature. And since there seem to be no surviving records of this, Corbato is credited with being the first person to introduce a password system on an electronic computer.

The essence of the problem of early proto-passwords is that they were all stored as plain text, despite the gaping security hole that this entailed.

In 1962, a student named Allan Scherr was able to force CTSS to print all computer passwords. Scherr notes: “There was a way to request files for printing offline using a punch card with the account number and file name. Late on Friday, I sent a request to print files with passwords, and early in the morning on Saturday I went to the filing cabinet, where I found printouts ... I could continue to steal computer time.”

This “theft” consisted of using the computer for more than the time allotted to him (usually 4 hours each day).

Scherr then distributed the list of passwords to hide his involvement in the data leak. The system administrators simply assumed that there must have been some kind of error in the password system, and Scherr was never found out. We know that it was his handiwork only because he himself admitted it almost half a century later. This data leak made him the first person on Earth who managed to steal computer passwords, and he seems very proud of this status.

According to Scherr, while some people used the passwords to get more time on the machine, others logged in to other people's accounts just to leave offensive messages for people they did not like.

Be that as it may, about five years later, in 1966, CTSS again suffered a massive data leak, when an administrator accidentally swapped the file holding the welcome message displayed on the screen with the file holding the passwords. This error caused every password stored on the machine to be displayed to any user who tried to log in to CTSS. During an interview for a publication dedicated to the fiftieth anniversary of the creation of CTSS, engineer Tom Van Vleck recalled “The Passwords Incident” and jokingly stated: “It happened on Friday at five o'clock in the evening, and I had to spend several hours changing passwords of people”.

In order to get rid of the problem of plain-text passwords, Robert Morris created a one-way encryption system for UNIX. Subsequently, as computing power grew and algorithms became smarter, more effective encryption systems were developed, and the battle between white hats and black hats has been fought tirelessly ever since.
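As an added illustration (not code from the original article, and not Morris's original UNIX scheme), the sketch below stores salted one-way hashes using Python's standard PBKDF2 as a modern stand-in. The account names, iteration count and file layout are assumptions made for the example; it shows what a printout of the password file, like the one in the CTSS incidents above, would reveal.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, chosen for this example


def make_record(password: str) -> dict:
    """Return the only data the system keeps: salt, work factor and hash."""
    salt = os.urandom(16)  # per-account random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def build_password_file(accounts: dict) -> dict:
    """Build the stored file: user name -> hash record, never the password."""
    return {user: make_record(pw) for user, pw in accounts.items()}


def printout(password_file: dict) -> str:
    """What someone who managed to print the password file would see."""
    return "\n".join(
        f"{user}:{rec['iterations']}:{rec['salt']}:{rec['hash']}"
        for user, rec in sorted(password_file.items())
    )


# Constructed sample accounts; two users deliberately share a password.
ACCOUNTS = {
    "alice": "My password is easy to remember",
    "bob": "My password is easy to remember",
    "carol": "correct horse battery staple",
}

if __name__ == "__main__":
    pw_file = build_password_file(ACCOUNTS)
    print(printout(pw_file))
    print(verify("My password is easy to remember", pw_file["alice"]))
    print(verify("wrong guess", pw_file["alice"]))
```

Because each record has its own salt, the two accounts that share a password still get different hashes, so the printout does not even show which users chose the same one.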

All this led to the fact that in 2004, Bill Gates famously declared: "[Passwords] do not meet the requirements of everything that you really want to protect."

Of course, the biggest security hole is, as a rule, not the algorithms or software, but the users themselves. As the famous creator of XKCD Randall Munroe once said: “For 20 years, we have successfully taught everyone to use passwords that are difficult for people to remember, but easy to guess for computers.”

The blame for the fact that people create bad passwords can be placed on the widespread recommendations of the National Institute of Standards and Technology. In particular, we are talking about Appendix A, written by Bill Burr in 2003.

Among other things, Burr recommended using words with random characters, including capital letters and numbers. He also emphasized that system administrators should force people to change passwords regularly to ensure maximum security ...

Referring to these seemingly universal recommendations, Burr said in an interview for the Wall Street Journal: "I regret a lot of what I did ...".

In fairness, it should be noted that research on the human psychology of creating passwords did not exist at the time Burr wrote the recommendations, and from a theoretical point of view, passwords created with his advice seemed more secure than using ordinary words.

The British National Cybersecurity Center (NCSC) points to the problem with these recommendations: “... the increasing popularity of using passwords and the increasingly complex requirements imposed on them complicate the lives of most users. They will inevitably develop their own mechanisms to cope with ‘password overload’. They include writing passwords, using the same password to log in to different systems, or using simple and predictable password strategies.”

In 2013, Google conducted a small study on passwords and noted that most people use one of the following password creation schemes: a nickname or birthday of a pet, family member, or lover; any significant date; place of birth; favorite holiday; something related to a favorite sports team and, of course, some word ...

So, the bottom line is that most people choose passwords based on information that is easily accessible to hackers, who, in turn, can mount a “brute force” attack to crack a password without any trouble.

Fortunately, although you may not be aware of this because of the ubiquity of systems based on old recommendations, over the past few years most security advisory bodies have drastically changed their advice.

For example, the aforementioned UK National Cybersecurity Center now recommends that system administrators, among other things, stop forcing people to change passwords if there is no data leakage in the system: “... only minor variations of old ones) and does not carry any real advantages ...”. Moreover, research shows that “a regular password change, on the contrary, is harmful to security, and does not improve it.”

Or, as noted by physicist and computer scientist Dr. Alan Woodward of the University of Surrey: “The more often you ask people to change their password, the weaker the passwords they choose.”

Similarly, even a completely random set of characters of a standard password length is relatively susceptible to brute-force attacks without additional security measures. For this reason, the National Institute of Standards and Technology has also updated its recommendations and encourages administrators to steer people toward long but simple passwords.

For example, a password like “My password is easy to remember” will usually be an order of magnitude safer than “D@ught3rsN@m3!1” or even “*^sg5!J8H8*@#!^”.

Of course, the use of such phrases makes memorization easier, but this still does not solve the security problem, since almost every week a major service suffers a data breach. The reason is that such systems use weak encryption to store personal data and passwords. For example, as a result of a recent hacker attack on Equifax, data on 145 million US residents was compromised, including their full names, social security numbers, dates of birth and addresses.

For the first ever hack (discussed above), Scherr just needed to submit a request to print the password file. It turns out, however, that gaining access to the huge amount of personal data held by Equifax did not require anything extraordinary either. As an anonymous computer security expert said in an interview for Motherboard: “All you had to do was enter a search query and get millions of results instantly — in unencrypted form, via a web application.”

Hmm ...

Because of this, the National Cybersecurity Center now also recommends that administrators encourage people to use a password manager in order to increase the likelihood that they will not use the same passwords for different systems.

After all, no system will ever be completely secure, no matter how well designed it is. This brings us to the three golden rules of computer security, written by the aforementioned famous cryptographer Robert Morris: “Do not own a computer; do not turn it on; do not use it.”
