October 2023 marks the 20th anniversary of Cybersecurity Awareness Month. This National Cybersecurity Alliance-coordinated event is an excellent time to remind colleagues, friends, and family about the importance of protecting yourself online. In this article we will look into how, under the umbrella of a new year-round theme—Secure Our World—the alliance is working to share simple means of embracing cybersecurity, such as password safety.
The evolution of password security: From ancient origins to modern recommendations
While the idea of a “password” is literally ancient history (a password concept is used in the Bible’s Book of Judges), computer passwords are an invention of MIT in the 1960s. They came with the revolutionary concept of timesharing—the ability for multiple users to use the same mainframe computer to work on different sets of data at the same time.
The idea of timesharing was genius, but computer scientists led by Fernando José Corbató needed a way to keep user files private. Quickly, though, users sought to crack the code, motivated by the desire to have more than four hours a week on the Compatible Time-Sharing System (CTSS). One graduate student, Allan Scherr, later confessed to printing out all of the passwords. Another incident occurred in 1966 when a software bug shared the entire list of CTSS passwords upon system login.
The common password security technique of requiring users to update their passwords every 90 days has now gone by the wayside. The rule was originally recommended in 2003 by Bill Burr of the National Institute of Standards and Technology (NIST); Burr later said he regrets that suggestion, along with the idea that passwords should contain special characters. The 90-day rule just meant users were adding a new special character onto the end of their passwords—and that was no challenge for a hacker. The current recommendation is to turn on multifactor authentication and use a password manager with one master password, randomly generating unique strings of text for each website. Long passphrases are also considered harder to crack.
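The following is an added example, not code from the article or from NIST. It shows a change-time check that flags the "same password plus a new character on the end" habit described above, next to random password and passphrase generation with an entropy estimate. All function names, the thresholds, and the short word list are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list so the example runs offline (assumption).
# A real passphrase generator would draw from a list of several thousand words.
WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord", "glacier",
         "harbor", "island", "juniper", "kettle", "lantern", "meadow",
         "nectar", "orchid", "pebble"]


def is_trivial_rotation(old: str, new: str, min_prefix: int = 4, max_tail: int = 3) -> bool:
    """True when `new` reuses the start of `old` and only a short tail differs.

    Intended for a password-change form, where the user has just typed the
    old password, so no stored plaintext is needed.
    """
    a, b = old.lower(), new.lower()
    if a == b:
        return True
    prefix = 0
    for x, y in zip(a, b):
        if x != y:
            break
        prefix += 1
    changed_tail = max(len(a), len(b)) - prefix
    return prefix >= min_prefix and changed_tail <= max_tail


def random_password(length: int = 20) -> str:
    """Unique random string, as a password manager would generate per site."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words: int = 6, words=WORDS) -> str:
    """Long passphrase built from independently chosen random words."""
    return "-".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)
```

With the 16-word sample list a six-word passphrase carries only 24 bits; the same six words drawn from a 7,776-word list carry about 77.5 bits, which is why the size of the word list matters as much as the length of the phrase.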
Kate Johanns, “Tech Time Warp: Cracking the code on password safety, at least for now”, smartmsp.com, Oct 10, 2023