July 2019 marked the passing of respected computer pioneer, Fernando Corbato, aged 93, who had a long and illustrious career in technology leaving many great legacies to the field of technology, including 50 years of passwords.
Inventor of the password
Dr Corbato is perhaps most famous for inventing the password. But this invention was actually just a by-product of another great invention: the Compatible Time Sharing System (CTSS).
Positing that computers were underutilised when they were limited to just one user, Dr Corbato invented CTSS to divide up the processing power of a computer into small slices to enable it to carry out small processing activities for lots of people. The password was created to keep each user’s information secure; hiding files and programs from others using the same computer.
Much of the security and multi-user technology that we have enjoyed in the last 50 years is a result of Dr Corbato’s work.
Passwords – from revolution to risk
In the early 60s, when Corbato invented the password, the concept was a revolution. In the pre-Internet era, when the computer was the only piece of technology hardware that needed to be secured, the password was a perfect solution to prevent others from accessing data.
As time has passed, however, the Internet has evolved and become a crucial element of business and more systems require passwords to secure corporate data. As systems they have become harder and more complex to manage and attacks on them have become more sophisticated, after 50 years of passwords we are being shown every day that the password is no longer the solution to deliver comprehensive online security.
Even Dr Corbato was content to reveal that the password has become “kind of a nightmare with the World Wide Web.”
In an interview, he highlighted the flaws of the password in our modern world, stating that there are too many to remember and this leads people to either maintaining a crib sheet file for their passwords which is often itself not password protected and too easily hacked; or using a password manager, of which a study in February 2019 showed that “password manager users are vulnerable to targeted malware attacks” and identified security flaws in five of the most popular password managers. Both approaches are flawed.
The next 50 years
The work that Dr Corbato has done in the field of technology has paved the way for solutions that have taken us to present day and will continue to propel us into the future. Inventions and the great minds behind them are the building blocks of progress in any field and 50 years is far longer than most inventions will stay without advancement.
If you run or work for an organisation that still uses simple passwords for security, you are out of date and at risk. Every organisation should have security at the top of their priorities. While implementing new solutions may be inconvenient, suffering a data breach and facing all of its associated costs is a far worse situation than rolling out a new authentication system. Plus, it’s not as complicated as you may think.
Upgrading authentication systems to safeguard for the next 50 years should be approached in two or three steps. Companies that are hesitant to move quickly can follow each step gradually, but action needs to commence now. For those ready to transcend the password altogether, you can skip step two and go straight from step one to step three.
1. Review regulatory compliance
Companies need to ensure that their password protection comes in line with regulatory compliance and has real-time password breach protection.
2. Multi-Factor Authentication
Reliance on passwords alone needs to stop. Enhancing authentication solutions to a minimum of Multi-Factor Authentication will provide risk-appropriate authentication for cloud and on-premise access.
3. Remove the Password
The ultimate goal should be to implement a password-less/device-less solution to enable security/authentication flexibility and scalability.
50 years of passwords – where to find out more
To find out more about transitioning beyond the profoundly flawed, traditional password authentication methods, read our Solutions page. Or get in touch with Authlogics today to discuss how we can help protect your business for 50 years to come.