With All of Us Online Password Management is Becoming Even More Important

May 18, 2020 – Demetrius Harrison has become a regular 21st Century Tech Blog contributor. He provides us in this posting with a look at the evolution of passwords, past, present, and future. In the midst of a pandemic and the fact that being online is now the new normal, becoming educated to the potential vulnerabilities we leave ourselves open to through bad security habits is a must. Enjoy the read, the accompanying infographic, and as always feel free to send in your comments.

The first Thursday in May has become in recent years World Password Day, so it would seem to be a good time to look at the history behind password security.

Passwords have evolved dramatically in the past few years. A mid-20th century invention they have become ubiquitous in the online world. Today we don’t think  about passwords much and in some operations they have become passe, replaced by biometrics and password storage software to keep track of all of the many combinations we have created over the years. Regardless of how we approach password security, all of us share one commonality. We don’t want our information being stolen.

Let me explain to you how password hacking came into play.

In 1960, Fernando Corbato invented the computer password on MIT’s Compatible Time-Sharing System (CTSS) console. Here’s how it worked. Multiple users shared a single computer console with each having his or her own set of files. To access individual accounts, each user was given a personal point of entry in the form of a password. Back then password theft wasn’t on anyone’s mind since the protocol was so new. Just two years later, however, a Ph.D. candidate Alan Scheer opened the floodgates. With a shared computer console Scheer only had 4 hours per week of computer time to do his simulations. He needed more so he figured out how to print the system’s password file which gave him the ability to log in as any other user and thus solved his time issue. What he didn’t know was that he was creating a whole new universe of computer users – hackers.

Soon others were following Scheer’s wake and brainstorming on new methods to bypass security setups of computers for personal gain. Meanwhile, data scientists began working on countermeasures to increase the security of users. When in the 1990s, data storage moved to almost entirely digital, and cloud storage for data backup solutions became the new normal, hackers found new ways to bypass security measures.  

Obtaining another user’s password today is not as easy as it was when Scheer printed out everyone’s user access. Now a hacker needs to know a lot more personal information to gain access to a user’s account. Today we have two-step authentication, security questions, strong passwords that use numbers, symbols, and capital letters, and we can take advantage of biometric features like fingerprint, iris, facial scans, and voice recognition to prevent unauthorized access to a user’s accounts. But the majority of us tend not to care enough to implement some or all of these tools because we value quick and routine access to our accounts.

Don’t believe me?

Here’s an interesting statistic from Verizon’s 2017 Data Breach Investigation Report. Although 91% of people know that reusing the same password increases the risk of a data breach, 66% do it anyway. 

There are new apps that can simplify the complexity of password management. Products like Apple’s Keychain which has been a part of the MacOS through several iterations stores various types of data including passwords, private keys, certificates, and secure notes. And there are password management apps that can organize all of our log-in credentials behind a master password with a single-sign-on routine. RoboForm which was first released back in 1999 is one of these. Its lets users create stronger passwords and store them while the user needs only to remember the master password. Of course, that master password can be hacked. 

What is the future of online security? We may find ourselves not even using alphabetic and numeric passwords. Certificate and risk-based authentication is expected to become the new norm. Certificate-based authentication eliminates the need for passwords while providing transport layer security (TLS), a cryptographic protocol that provides end-to-end communications security over networks and is widely used for Internet communications. TLS extends the chain of trust to individual users while ridding the possibility of guessable passwords. Similarly, risk-based authentication determines whether an access attempt is valid based on the user’s identity, IP address, geolocation, and level of posture in which the device is being held.

The infographic below gives a brief visual timeline of the history and future of passwords. In it, you will find many tips on securing your online presence, as well as an understanding of the evolution of password security. When Intel created World Password Day it wanted to raise awareness for digital users to #LayerUp, a hashtag it created to call attention to the importance of strong authentication to prevent identity theft. And now that we are dependent on the Internet at a time of pandemic it pays that we pay attention to our personal data and online security.