If you’re like most people, you’re annoyed by passwords. You’ve got dozens to remember — some of them tortuously complex — and on any given day, as you read e-mails, send tweets, and order groceries online, you’re bound to forget one, or at least mistype it. You may even be one of those unfortunate people who’ve had a password stolen, thanks to the dodgy security on the machines that store them.
But who’s to blame? Who invented the computer password?
Like the invention of the wheel or the story of the doorknob, the password’s creation is shrouded in the mists of history. Romans used them. Shakespeare kicks off Hamlet with one — “Long live the King” — when Bernardo must prove he’s a loyal soldier of the King of Denmark. But where did the first computer password show up?
It probably arrived at the Massachusetts Institute of Technology in the mid-1960s, when researchers at the university built a massive time-sharing computer called CTSS. The punchline is that even then, passwords didn’t protect users as well as they could have. Technology changes. But, then again, it doesn’t.
Nearly all of the computer historians contacted by Wired in the past few weeks said that the first password must have come from MIT’s Compatible Time-Sharing System. In geek circles, it’s famous. CTSS pioneered many of the building blocks of computing as we know it today: things like e-mail, virtual machines, instant messaging, and file sharing.
Fernando Corbató — the man who shepherded the CTSS project back in the mid-1960s — is a little reluctant to take credit. “Surely there must be some antecedents for this mechanism,” he told us, before questioning whether the CTSS was beaten to the punch by IBM’s $30 million Sabre ticketing system, a contraption built in 1960, back when $30 million could buy you a handful of jetliners. But when we contacted IBM, it wasn’t sure.
According to Corbató, even though the MIT computer hackers were breaking new ground with much of what they did, passwords were pretty much a no-brainer. “The key problem was that we were setting up multiple terminals which were to be used by multiple persons but with each person having his own private set of files,” he told Wired. “Putting a password on for each individual user as a lock seemed like a very straightforward solution.”
Back in the ’60s, there were other options, according to Fred Schneider, a computer science professor at Cornell University. The CTSS guys could have gone for knowledge-based authentication, where instead of a password, the computer asks you for something that other people probably don’t know — your mother’s maiden name, for example.
But in the early days of computing, passwords were surely smaller and easier to store than the alternative, Schneider says. A knowledge-based system “would have required storing a fair bit of information about a person, and nobody wanted to devote many machine resources to this authentication stuff.”