World Password Day falls on the first Thursday in May every year.
As we spend most of our time online, using social networking accounts, banking and sharing files, it’s a good time to reflect on the reliability of the passwords we use.
Yes, yes, passwords and the annoyance they cause are a nuisance for everyone.
Who was the one who invented them, after all?
Let’s start with a funny hacker story, and in the rest of this series of articles we’ll get a little more serious about password management.
The invention of passwords goes way back in history. Already the Romans used password systems to determine who belonged to their unit and who did not. During the period of alcohol prohibition in the 1920s, for example, password cards were used to gain access to bars where alcohol was sold.
It may sound surprising, but the very first attack on a digital password took place in 1962. At the time, MIT’s CTSS (Compatible Time-Sharing System) was the first system to use individual passwords to access the system. Allen Scherr, a PhD student, wanted to use CTSS beyond his weekly allotted hours. He had been allowed four hours a week, but that was not nearly enough to run the detailed performance simulations he had planned for the new computer system. To extend his time at CTSS, he decided to borrow passwords from others. Scherr managed to obtain all the passwords stored in the CTSS system by requesting a printout of the password files with a punch card. In his later memoirs, he even stated that he shared the stolen passwords with others because he did not want to be identified as a password thief. The uncovering was not long in coming. One of them, a user named J.C.R. Licklieder, immediately logged into the account of the computer lab’s director, Robert Fano, and sent spicy messages to everyone.
These days, password attacks have become a major problem for businesses and civilians alike. According to the Verizon Data Breach Investigations Report, more than 80 per cent of web application breaches are due to problems with passwords.
With the average person working with about 100 passwords, it is not surprising that individuals often use the same password for multiple accounts or create simple passwords that contain easy-to-remember personal information.
This situation is a real paradise for hackers, as passwords are usually one of the most important barriers to unauthorised access to confidential data or accounts.
In our next article, we will list the most common types of attacks we encounter and how to protect against them.