History of passwords: Where does the password come from?
Ever wondered when people started using passwords? Discover the history of passwords – who invented passwords, where the notion of a secure digital password comes from, and what the future of passwords looks like.
By Alyssa SchmittWill passwords like this soon belong to the past?
It may not surprise you to hear that the ancient Romans had military passcodes, but did you know that they make an appearance in the Hebrew Bible as well?
A look at history shows that traditional passwords – in the form of codes, watchwords, or passphrases – have been used for thousands of years to gain access to a place, object, or information – e.g., a secret hideout, a safe, or military blueprints – or to verify identity, such as membership in a group like an army troop.
The digital password, on the other hand, refers specifically to a secret combination of characters (letters, numbers, symbols) used to access electronic systems. Referred to the “something you know” method in authentication, digital passwords have been used in a wide variety of contexts since the 1960s, e.g., computers, smartphones, websites, and applications. Digital passwords are usually stored electronically and must meet ever-evolving password standards to stand up to modern hacking methods.
Although the name may vary – password, keyword, code, watchword, PIN, TAN... – the principle remains the same throughout history – if you can’t provide the exact combination of letters, words, or numbers, you won’t get in!
Passwords: from antiquity to the present day
Examples of the password abound in popular culture. Just think of the classic folk tale of “Ali Baba and the Forty Thieves” where the phrase “Open, Sesame!” unlocks a cave full of treasure. Or who can forget the image of patrons whispering a password to enter a speakeasy during Prohibition? And the ever-changing passwords in Hogwarts castle often provided plot twists and comic relief in J.K. Rowling’s Harry Potter novels.
Who goes there? Watchwords and military passwords
The use of passwords can be found in military contexts far back in history, as these three stories show:
Sometime around the 11th century BCE, an armed conflict broke out between the tribes of Gilead and Ephraim. The Bible’s Book of Judges tells us that soldiers from Gilead used the password “Shibboleth” to differentiate between friend and foe. Because their enemies pronounced this word differently due to their dialect, the password proved a highly effective form of “authentication”!
The ancient Romans assigned “watchwords” so that the night watch outside city gates could recognize their comrades in the dark. If you didn’t know the word, you weren’t allowed to pass.
The Romans were also no slouches when it came to changing their passwords regularly. Especially in times of war, it was absolutely essential that only authorized individuals knew the current password. A daily password change was performed by a soldier going to the tent of the commanding officer and receiving the day’s password on a wooden tablet. It was then passed on to the commanders of the different units, always with a witness to verify the process, effectively eliminating any security gaps.
Famously weak passwords
The Roman system seems far more effective than the depiction of military security in medieval Denmark found in Shakespeare’s Hamlet, where “Long live the king!” is the password which identifies the guard arriving to stand the next watch. This surely belongs alongside “QWERTY1234” on any list of easily guessed passwords. But this fictional account of lax password security pales in comparison to a true story from America’s Cold War era.
Dr. Bruce G. Blair, a former Minuteman officer, revealed that in the 1970s, the 8-digit code for opening the locking panel on the launch silos of Minuteman nuclear missiles was 00000000 for EVERY silo. The reasoning was that the biggest risk was not an unauthorized missile launch, but not being able to launch them quickly enough if communications broke down during an attack. Viewed through the lens of today’s concerns with password security, this seems shockingly negligent.
History of the digital password
The 1960s marked a fundamental change in the way we use passwords. Formerly used primarily for military purposes, the advance of computers meant that passwords gradually became a common part of people’s everyday lives.
The first computer password
In the 1960s, the computers at the Massachusetts Institute of Technology (MIT) were shared by multiple users under the CTSS (Compatible Time-Sharing System). To allow several people to share a computer and still store private content to which no one else had access, Fernando Corbató proposed the first system for protecting files with a password.
The first password hack
Not surprisingly, it did not take long for the first password hackers to make their appearance. Just two years later, the first security vulnerabilities were discovered: the passwords were stored as simple text files. A doctoral student who wanted more time on the shared computer was able to print out the system’s password file and used the “borrowed” login credentials to log in under different names so he could keep working on his own project.
Rise of the complex password
Thus began a vicious cycle of developing better and stronger passwords and computer security and hackers finding new ways to circumvent them. As computers moved out of closed academic facilities into businesses and homes and were connected by the internet, the stakes for someone breaking into your computer became much higher than a colleague stealing your time slot.
In 2003, Bill Burr, a manager at the National Institute of Standards and Technology (NIST) proposed a system for creating complex digital passwords that were harder to guess: a mix of numbers, letters, and special characters. Sound familiar? However, in a 2017 interview with the Wall Street Journal, Burr admitted that he had some regrets.
Ironically, a system that forced people to use random strings of numbers and letters as passwords, have a different one for each account, and change them regularly actually led to LESS secure passwords! Here’s why: Remembering multiple strong passwords is just too hard, and many people revert to “Password123!” or rotating through their pets’ names. (Which unfortunately plays right into the hackers’ hands.)
Future of the password
Whether a castle or a computer, the history of the password shows us that all an attacker needs to do to gain access is get their hands on the right code. In most cases, this makes the password the weakest link in the cybersecurity chain. This has led many experts to rethink the password. From one-time passwords and two-factor authentication to security certificates stored on devices, recent years have seen many attempts to bridge this potential security gap.
The next step in this evolution seems to be the move toward biometric identity authentication, which relies on analyzing an individual’s unique physical characteristics. The newest generations of smartphones have taken fingerprint and facial recognition technology – once found only in top-secret military installations – and put it into everyone’s pocket, literally. This solution is far easier to use than passwords, eliminating the need to remember long strings of characters and numbers.
Until the password is completely replaced by other forms of authentication, however, it is extremely important that we continue to use secure passwords, especially for our email accounts!
For quick overview of the history of the password, check out our FAQ!
FAQ: History of passwords
What is the definition of a password?
A password is a secret word or code that you use to identify yourself when accessing a place, an account, etc. Digital passwords are combinations of characters that are commonly used to gain access to computers and other devices, email accounts, social media accounts, online banking, etc.
Who invented usernames and passwords?
The combination of usernames and passwords – like we use today to log in to our email accounts – was invented in the 1960s by Fernando Corbató, a professor at MIT. Because he and his colleagues worked on shared computers, he developed this method of access to maintain the privacy of each user’s files.
What was the world's first password?
Since traditional passwords have been used by armies since ancient times, there is no way of knowing what the world’s very first password was. The world’s first digital password was used on MIT’s Compatible Time-Sharing System (CTSS) in 1961. The exact details of this first password have also been lost to history – but our money is on “password123”.
Who is considered the inventor of the computer password?
Fernando Corbató, a MIT computer scientist who introduced the use of a username and password to log into shared computers, is generally considered the inventor of the digital password.
Who invented the one-time password?
The one-time password (OTP) concept was introduced in the early 1980s by computer scientist Leslie Lamport. This secure login method requires a password that can only be used once or that expires after a certain time. This means that even if an OTP is intercepted by hackers, they cannot use it to gain access to the account in question.
What is the most famous password?
“123456” is probably the best-known (and, unfortunately, the most common) password. It has topped the list of worst passwords for years, gaining infamy as an example of a password you should not use.
What is the strongest password?
The strongest passwords are long (at least 16 characters), completely random, and contain a mixture of letters (upper- and lowercase), numbers and symbols. A password like “3#Xq9*Zp!7Vr@cF2&MlP^k8,” for example, would be virtually impossible to crack using brute force methods.
We hope you enjoyed this deep dive into the history of the password! We look forward to your feedback below! And if you still don’t have a mail.com account, sign up for free today!
This article first appeared on November 28, 2022, and was updated on October 28, 2024.
