Author: Karl Smallwood / Source: Today I Found Out
Laura S. asks: Who was the first to come up with the idea of using passwords for computers instead of other authentication?
Something akin to passwords have seemingly been used for at least as long as humans have been recording history. For example, one of the earliest references to something like a password is mentioned in the Book of Judges, which was first written down sometime around the 6th or 7th century BC.
Specifically, it states in Judges 12:And the Gileadites took the passages of Jordan before the Ephraimites: and it was so, that when those Ephraimites which were escaped said, Let me go over; that the men of Gilead said unto him, Art thou an Ephraimite? If he said, Nay;
Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan…
Fast-forwarding a bit in history and Roman legionaries are known to have used a simple system of passphrases to discern whether a stranger was friend or foe. Second century BC Greek historian, Polybius, even describes in detail how the password system worked in terms of making sure everyone knew what the current password was:
…from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune, and receiving from him the watchword—that is a wooden tablet with the word inscribed on it – takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next him.
All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.
Roman historian Suetonius even mentions Caesar using a simple cipher which required the recipient to know a key, in this case the correct number of times to shift the alphabet, to decipher the message.
As for more modern times, the first known instance of a password system on an electronic computer was implemented by now retired professor of computer science at the Massachusetts Institute of Technology, Fernando Corbato. In 1961, MIT had a giant time-sharing computer called the Compatible Time-Sharing System (CTSS). Corbato would state in a 2012 interview: “The key problem [with the CTSS] was that we were setting up multiple terminals, which were to be used by multiple persons but with each person having his own private set of files. Putting a password on for each individual user as a lock seemed like a very straightforward solution.”
Something we should mention before continuing is that Corbota is hesitant to take credit for being the first to implement a computer password system. He suggests that a device built in 1960 by IBM called the Semi-Automatic Business Research Environment (Sabre), which was (and still is in an upgraded form) used for making and maintaining travel reservations, probably used passwords. However, when IBM was contacted about this, they were unsure if the system originally had any such security. And as nobody seems to have any surviving record of whether it did, Corbato is seemingly universally given credit for being the first to put such a system on an electronic computer.
Of course, an issue with these early proto-passwords is that all of them were stored in plain text despite the gaping security hole this introduces.
On that note, in 1962, a PHD student called Allan Scherr managed to get the CTSS to print off all of the computer’s passwords. Scherr notes,
There was a way to request files to be printed offline, by submitting a punched card with the account number and file name. Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed… I could then continue my larceny of machine time.
This “larceny” was simply getting more than the four hours of allotted daily computer time he’d been granted.
Scherr then shared the password list to obfuscate his involvement in the data breech. System admins at the time simply thought there must have been a bug in the password system somewhere and Scherr was never caught. We only know that he was responsible because he sheepishly admitted almost a half century later that it was he who did it. This little data breach made him the first known person to steal computer passwords, something the computer pioneer seems quite proud of today.
Hilariously, according to Scherr, while some people used the passwords to get more time on the machine to run simulations and the like, others…
The post Who Invented Computer Passwords? appeared first on FeedBox.