By Elie Monnickendam, Year 12
We all know passwords are the basic measure we have to use to keep our things safe. We use them daily, nearly hourly: on websites and in apps, and sometimes physically, with padlocks or safes. They have been the first step in online security for as long as computers have existed.
We consider Fernando Corbató the father of modern passwords as we know them. He introduced passwords to the field of computer science in the 1960s at MIT, where he used them to manage privacy in a large database. As time went on, passwords stored in the clear became insecure and needed an update. In the 1970s, Robert Morris Sr. therefore devised what we call “hashing”, a method of representing a password without actually storing it. Hashing is what we use today on nearly every modern computer to stop passwords from leaking when security breaks. One way to describe hashing is the following: when someone logs into a system, the system hashes the password the user provides and compares it to the already stored hash of the correct password. If the two hashes match, the system knows that the user provided a valid password. If the hashes don’t match, the password is invalid. Hashes are incredibly useful because they don’t contain the password itself, so a stored hash cannot be reversed (“de-hashed”); an attacker who steals a hash can only guess candidate passwords, hash each guess and check whether it matches. Later, in 1979, Morris and Ken Thompson (another computer scientist) decided to add random data to each password before hashing it, a process called “salting”, to make attacks on stolen hashes harder.
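To make the hash-and-compare check and the effect of salting concrete, here is an added example (not code from the original article) using only the Python standard library. It derives the stored hash with PBKDF2-HMAC-SHA256, stores the random per-user salt next to it, and compares in constant time; the record format, iteration count and sample passwords are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example (constructed, not from the article).
# A high iteration count makes each guess slow for an attacker.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
HASH_BYTES = 32


def unsalted_hash(password: str) -> str:
    """The weak, pre-1979 style: the same password always gives the same hash,
    so an attacker can precompute hashes of common passwords once and reuse them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record of the form 'pbkdf2_sha256$<salt_hex>$<hash_hex>'.

    A fresh random salt is generated unless one is supplied (the optional
    argument exists only so tests can check determinism for a fixed salt)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=HASH_BYTES
    )
    return f"pbkdf2_sha256${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare the result
    to the stored hash. The plaintext password is never stored anywhere."""
    algorithm, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=HASH_BYTES
    )
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def salted_records_differ(password: str) -> bool:
    """Two users with the same password get different stored records,
    so a precomputed table of hashes is useless against salted storage."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    # Constructed sample: a signup followed by a correct and an incorrect login.
    stored = hash_password("correct horse battery staple")
    print("stored record:", stored)
    print("correct password accepted:", verify_password("correct horse battery staple", stored))
    print("wrong password accepted:  ", verify_password("Correct horse battery staple", stored))
    print("unsalted hashes collide:  ", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    print("salted records differ:    ", salted_records_differ("hunter2"))
```

Running the script shows the property the article describes: the stored record never contains the password, yet the system can still tell a correct login from an incorrect one, and salting gives two identical passwords two different records.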
Finally, in the late 2000s and early 2010s, passwords on their own had become too easy to defeat, so security needed a further improvement. The introduction of MFA (Multi-Factor Authentication) strengthened online security and gave users more ways to prove their identity to protected systems. MFA methods range from fingerprint scanners, SMS code confirmations and security questions to even retinal scans. Systems that require different levels of security use different combinations of MFA methods in order to properly secure their data. StrongDM separates MFA methods into 4 categories, including something you have (a hardware key or smart card), something you know (a PIN code or security question) and something you are (a fingerprint or facial recognition).
There are several rules of thumb for keeping passwords secure. To make a password stronger, follow these rules:
- Keep your passwords long
- Add different characters
- Don’t re-use them on different websites
Here are some things to never do, under any circumstances:
- Put all your passwords in one place (e.g. a PDF or a piece of paper)
- Re-use your passwords on multiple accounts
- Share your passwords/accounts with others
We are all human, so don’t make your passwords so complicated that you won’t remember them. I recommend using a password manager to generate, store and organize your passwords properly; I personally recommend 1Password. One final suggestion is to change your passwords regularly. This may seem like overkill, but it is a foolproof way to protect your accounts.
As time goes by, our security measures become more and more secure, but so do cracking techniques. One of the most commonly used password cracking methods is the “brute-force” attack, in which a computer attempts to log in to a system by trying every possible password. This is exactly why we need to make our passwords long, complex and unpredictable.