The average business user has 191 passwords, but are they secure? Likely not. 91% of people know that reusing the same password increases their risk of a security breach, yet 66% do it anyway. So how did hacking and passwords become entangled? After their invention in 1960, passwords had a 28-year run before anyone realized they could be hacked. With technology like 2-step authentication and biometric features, modern hacking is far more difficult. However, cyberthieves are still in business. That said, moving beyond passwords may be our best bet for optimizing our cyber protection.
Fernando Corbató, creator of the computer password, was on the launching team for MIT’s Compatible Time-Sharing System (CTSS), the first system to use password security. CTSS used separate consoles to access a shared mainframe, so multiple users could share one console but have their own set of files. Giving each user a personal point of entry necessitated the use of a password. While passwords are weaker than authentication questions, they require far less memory to store, an essential compromise for early computers.
Furthermore, the first instance of hacking was recorded in 1988 and named the Morris Worm: the first computer worm on the Internet. The historical threat was designed by Robert Tappan Morris, whose father created hashing. Hashing is a technique that allows hackers to remotely translate a user’s password from plaintext to an unreadable string of characters that is impossible to convert back. These unreadable strings are called hashes.
Within 24 hours of the Morris Worm’s release, 1 in 10 networked computers was infected. On top of that, an analysis of the leaked data showed nearly 50% of users had easily guessable passwords; the most common password was “123456.” Although Morris intended only a harmless experiment, the incident inspired an entirely new generation of hackers and a new era of cybersecurity.
In the meantime, hackers continued to get smarter. In 2009, RockYou suffered a massive password breach. Hackers accessed the unencrypted login credentials for 30 million RockYou accounts. It was found that the business’s social networking apps had begun routinely using the same username and password as each individual’s webmail account. Even worse, 90,000 credentials for personnel including military, State Department, Homeland Security, and private contractors were leaked in 2011’s Military Meltdown Monday. On top of that, Anonymous hacked Booz Allen Hamilton, a contractor for the Department of Defense.
Although modern hacking involves far more challenges for hackers, cyberattacks are still common. As a result, data scientists are pushing toward a future without passwords for enhanced security. Jim Clark, Co-founder of Netscape and Chairman and Co-founder of Beyond Identity, says, “Passwords are easy to guess, often, and you have to share it with the site you are logged into so the site has a copy, you have a copy and all it takes is the breach of a site [to be compromised].” So, how strong are your passwords?