The History & Future of Password Cybersecurity – [Infographic]
How unique are your passwords? Although the average business user has 191 passwords, 81% of confirmed data breaches are due to weak, stolen, or reused passwords.
Even though 91% of people know that reusing the same password increases their risk of a data attack, 66% do it anyway. Working from home, we not only hold personal data on our computers but also our business’. Because of this, it’s crucial you take time to create one-of-a-kind login credentials – especially with cyberhacking on the rise. Understanding the password sector of cybersecurity can help you do this, because, at the end of the day, you are the more forefronting asset in protecting yourself from security breaches.
1960: The Invention of the Password
Fernando J. Corbató, a founding member of Project Mac, pioneered the first variant of password security in his work developing MIT’s Compatible Time-Sharing System. EComputerNotes defines time-sharing operating systems as multitasking computers – using time slots to allow multiple people to simultaneously use one computer for their individual purposes. To prevent overlap, a personal point (a password) was required for each user to access their personal files.
Of course, this made passwords new at the time, so hacking was the furthest from anyone’s mind. However, 1962 was the year things changed.
Allan L. Scherr, another founding member of Project Mac and PhD candidate at MIT, was given just 4-hours per week to use the CTSS he shared with others. However, the simulations he designed required far more time to run. To get around the CTSS’ time slots, he printed the system’s password file, giving him the ability to log in as others. As a result, he had more time to run his programs. However, this gave hackers a new idea on a way to maliciously obtain user data.
The 1970s: Hashes & Salt Used as Protective Measures
Between 1962 and 1974, hackers had a field day taking advantage of then-weak security systems. As a result, data scientists stepped in to equip technology with greater protections.
In 1974, Robert Morris, an American cryptographer (someone who develops security algorithms), invented the Unix Hashing command. This command uses one-way encryption to translate passwords into numbers, this way actual passwords aren’t actually stored on the device in case a hacker gets a hold of it. Interestingly enough, the hashing command is still used in many systems today, i.e. MacOS and the Playstation 4.
In 1979, Ken Thompson, a computer scientist then employed by Bell Labs, joined Morris to coin the cyberterm “Salt.” The act of salting adds random characters to stored passwords, making them indecipherable should they be maliciously revealed. However, salting cannot stop a password from being guessed. In the words of Morris, “The 3 golden rules to ensure computer security are: do not own a computer, do not power it on, and do not use it.” In other words, stay on top of the ways you draft a password. By pre-adding numerical and symbolic characters, you can armor your passwords even before systems do.
The Rise of Password Hacking
Although printing the system’s storage file containing every user’s passwords worked for quite sometime, more strategic approaches didn’t develop until later.
In 1988, Robert Tappan Morris – whose father created hashing – created The Morris Worm. This was the first computer worm sent onto the Internet, and went on to infect 1 in 10 computers connected to the Internet at the time. Although T. Morris had intentions of the worm being a harmless experiment, the incident birthed an entirely new fleet of hackers.
Here’s something interesting. After The Morris Worm was studied, it was found that nearly 50% of users had easily guessable passwords. The most common password was “123456.” Do any of your accounts – even your mobile devices – use this password?
Famous Password Breaches of the 21st Century
RockYou was a software company who developed widgets for MySpace and applications for Facebook. However, it was found that RockYou’s databases stored all user data in plain text. Even worse, their social networking apps used the same username and password as each individual’s webmail account. As a result, 2009 hackers accessed 30 million RockYou accounts by obtaining their unencrypted login credentials.
However, that’s not all.
In 2011, the login credentials for 90,000 personnel across Homeland Security, the military, State Department, and private contractors were leaked. The massive breach known as Military Meltdown Monday ignited when an anonymous user hacked a contractor for the Department of Defense.
Although cybersecurity has evolved to keep up with hackers, data breaches can still happen. Taking the recent hackings of large corporations and government officials into account, this should be even more of a reason for you to instil your credentials with the best shields you can.
How You Can Stay Protected
Password management apps are your friend – especially if you’re working from home on a shared network. In 1999, RoboForm released one of the oldest password management apps still in use. These softwares help users create stronger passwords and securely store a master list of all of their passwords into one vault. In fact, many operating systems include their own password manager – such as the macOS Keychain.
However, keep in mind that password management apps require yet another password themselves to login – and many of these have been hacked in the past. If used properly, you can pad yourself with an extra layer of cyber protection.
In 2004, Bill Gates said, “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.” Having called it then, the future of cybersecurity is set to move far beyond passwords. Our first step toward this was biometrics, but certificate and risk-based authentications have other solutions.
In the meantime, give your catalogue of passwords a refresh. You can find more information on how to do so in the infographic below. The history and future of password security is as complex as informative. Have you ever been hacked?
Infographic Source: https://beyondidentity.com/blog/history-and-future-passwords