World Password Day 2024
Made with ♥ by FusionAuth
As developers, you are caught in a cosmic tug-of-war. On one side you want to protect your users' accounts. On the other side, you're dealing with users who set their passwords to "password" and wonder why their bank accounts are suddenly funding a llama sanctuary or buying Robux.
Passwords should be easy. And yet they aren't. Now it's more complicated than ever to balance security, ease of use, and like wtf is OAuth… amiright?
The first recorded instance of encryption was in Menet Khufu, an ancient city that bordered the Nile. Researchers have found inscriptions inside the tomb of the Egyptian noble Khnumhotep II, who lived around 3900 years ago. The scribe used a simple code of hieroglyphic substitution, changing one symbol for another to obscure the meaning of the inscriptions.
The message conceals a formula for a pottery glaze which was used on clay tablets.
The ancient Romans used passwords in the form of watchwords. The city guards would transcribe a nightly password on a wooden plank, and anyone who didn't know the watchword upon arrival at the gate would not be permitted to enter.
On January 17th, 1920 the United States banned alcohol in a period called Prohibition. People created speakeasies, illegal drinking establishments that flew under the radar. To stay open in secret, speakeasies used code words to allow entry, similar to the Romans thousands of years prior. Some keywords included "swordfish", "open sesame", and "42".
Fernando Corbato demonstrated the first password in an online system in 1961 for MIT's Compatible Time Sharing System (CTSS). Using a password felt like a straightforward solution to allow individual users to keep a private set of files.
The passwords would also limit the amount of time that each user could spend on the system.
In 1966, graduate student Allan Scherr, fed up with the limits on his computer time, discovered he could print out the master password file on the system so that he could access other users' accounts. And thus, the first password was hacked.
Curious if your passwords have been exposed?
Check out haveibeenpwned.com
Earlier versions of Unix used a password file, `/etc/passwd`, to store all account information on a user, including hashed passwords. Because the file was world-readable, this data could be displayed by any user running `cat /etc/passwd`.
In the 1970s salts were introduced. A salt is a random value added to the password before it is hashed and stored, so that two users with the same password get different hashes and an attacker cannot use one precomputed table against every entry in the `/etc/passwd` file. This makes it much harder for unauthorized users to recover the plaintext value of passwords.
In the mid 1980s, password security was further enhanced by storing the password hashes separately in a file readable only by root called `/etc/shadow`. And now you can relive the glory days of poor password security by getting a `$ cat /etc/passwd` shirt for free by downloading and installing FusionAuth!
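To make the salt-and-shadow story above concrete, here is an added Python example (not code from the page or from FusionAuth) that contrasts an unsalted hash, where identical passwords and a single precomputed table expose every user, with a salted, slow hash stored in a constructed shadow-like `salt$hash` record. The user names, passwords and tiny dictionary are constructed sample data, and PBKDF2 stands in for the historical Unix `crypt` scheme.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample accounts: two users happen to share a weak password.
USERS = {"alice": "password", "bob": "password"}
# Constructed tiny dictionary standing in for an attacker's precomputed table.
COMMON = ["123456", "password", "qwerty"]
ROUNDS = 200_000  # PBKDF2 iteration count; slows each guess


def unsalted_hash(password: str) -> str:
    """Pre-salt era: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup_unsalted(stored: str) -> Optional[str]:
    """One table built once recovers any unsalted record it covers."""
    table = {unsalted_hash(p): p for p in COMMON}
    return table.get(stored)


def make_salted_record(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash stored as a shadow-like 'salt$hash' record."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ROUNDS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def duplicates_visible(records: dict) -> bool:
    """True if two stored values are identical, revealing a shared password."""
    return len(set(records.values())) < len(records)


if __name__ == "__main__":
    plain = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: make_salted_record(p) for u, p in USERS.items()}
    print("unsalted reveals shared password:", duplicates_visible(plain))
    print("salted reveals shared password:", duplicates_visible(salted))
    print("table recovers alice (unsalted):", lookup_unsalted(plain["alice"]))
    print("login check:", verify("password", salted["alice"]))
```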
Asymmetric cryptography, the basis of public key infrastructure (PKI), emerged as a secure authentication technique. PKI was initially classified, and became public in the early 1990s, playing a big role in authentication.
In the 1980s, as passwords went mainstream, so did hacking. The scope of the problem was so great that in 1985 the U.S. Department of Defense recommended the creation of the Department of Defense Password Management.
At that time, an eight character password containing letters and numbers could withstand six months of attack over a 300-baud modem.
One time passwords were developed by Leslie Lamport in 1984, an early example of passwordless authentication.
Sir Tim Berners-Lee founded the World Wide Web Consortium (W3C) at MIT/LCS to “shepherd the web, by developing open web standards.”
The Web Authentication API (WebAuthn) is developed and recommended by the W3C to strongly authenticate users through an authenticator, such as platform authenticators, roaming authenticators, or Near Field Communications (NFC). Logging in through a device is commonly referred to as using a passkey.
Passwords are more vulnerable than ever. In 2023, any six character password string containing any mix of letters, numbers, and symbols was susceptible to being brute force hacked instantly.
As the problem grows, platforms are requiring more complex passwords, adding layers on top of passwords, or dropping passwords altogether for other methods, including multi-factor authentication, social sign on, passkeys, and more. World Password Day was created in 2013 by Intel to raise awareness about password security, and about why weak passwords are so harmful to businesses and developers.
As developers, you have more considerations than ever: you don't want your users to feel like they are playing the password game when creating an account, after all, do you?
So, dear developers, let's raise our coffee mugs (or beer glasses) to World Password Day. May your code be bug-free, your APIs RESTful, and your users enjoy a password-free future.
If all goes well, hopefully you won’t have to answer any more questions from your parents on how to reset their passwords or use a “password manager”.
Infographic statistics (the figures themselves were not captured): share of company data breaches caused by weak passwords; passwords stolen and posted on the dark web since 2017; attacks blocked by multi-factor authentication; users affected by a Twitter bug.
If you are looking to modernize your login experience, check out these resources we've put together:
Don't get left in the dust with passwords. Protect your users, improve their experience, and drive value using passkeys.
WebAuthn is the new way for people to authenticate themselves with web applications. Jump into the standard!