Last week the man who created the computer password, Dr. Fernando Corbató, passed away at the age of 93 due to complications from diabetes. We take passwords for granted as our generation has used them nearly all, if not all of our lives. It is second nature for us but it was obviously not always so. So today we look at how the computer password came to be.
Fernando Corbató
Corbató grew up in California in Los Angeles where his father was a Spanish literature professor at UCLA. He served in the US Navy during World War 2 where he found his future calling “debugging” military equipment. After leaving the Navy he enrolled in the California Institute of Technology earning a bachelor’s degree and then a master’s in physics from the Massachusetts Institute of Technology in 1956. He then joined MIT’s Computation Center.
MIT was the place to be for technology in the 1950s. They had the fastest and most powerful computers available but using them was extremely frustrating. Only one person could use them at a time and the computer would solely focus on the task at hand until it was completed. This could take hours or days sometimes, creating backlogs for people who wanted to use them to test their computations. In a time when the cost of a computer was in the millions of dollars using one was a big deal.
CTSS
Corbató found that while he had a master’s in physics he was more interested in the machines themselves that were being used. So he decided to try to overcome this issue and make the computers more accessible. In 1961 he developed the Compatible Time-Sharing System or CTSS, a primitive operating system.
As a disclaimer Corbató does not claim to be the first to develop a password system. IBM used a system called Sabre which was used for making travel reservations and he believed that it could have used a password system as early as 1960. IBM was contacted but was unsure if the system did, so Corbató is given the credit.
With CTSS multiple users would be able to login and share the computer’s processor. In most cases the processor was not being utilized fully and by allowing for this it made the computer more efficient, in fact they would probably not even notice that others were sharing the machine. They would also be able to have their own files stored in their own accounts rather than having to store them communally where anyone could view them. CTSS paved the way for other innovations like email as well as virtual machines, instant messaging and file sharing.
How To Secure Accounts?
But with different logins being created for different people there was the question of how to make sure the right person logged into their account? A password was the obvious choice but there were other options. A knowledge-based authentication method that asked you a question that only you would know (think of those secret questions that you have to fill in when creating an account) was the other option but it was rejected. A password was smaller and easier to store in a file and on a computer where storage space was at a premium. That is why it was chosen by Corbató .
An Unsecure System If There Ever Was One
CTSS was hardly secure though. In 1966 it may have had the distinction of becoming the first ever system breach in the history of computing. A software bug switched the system’s welcome message and the master password list exposing the list of passwords to anyone who tried to log in. The passwords were simply stored in a generic data file and were not encrypted. A breach like this was never considered.
The system also had the first documented case of password theft when an MIT researcher stole the password of another in order to get more time on the computer to run his simulations. He was able to get the master password list by submitting a request on a punch card requesting the account number and file name and simply had them printed out. The researcher handed the passwords out to others to hide his theft and someone even began logging into the account of the lab director to leave messages taunting him. System administrators thought it was a bug but half a century later the researcher fessed up.
An Ancestor Of Unix
CTSS allowed Corbató to work on another project called Multics which was used by General Electric for its computer systems. Multics pioneered many things used by modern operating systems like a hierarchical file structure, access control lists, single level store, dynamic linking and online reconfiguration for reliable services. It was also the inspiration for the development of the Unix operating system, which is a core component of the operating system that you are reading this on right now.
When Corbató developed the password he had no idea what would become of it. Considering that it is still in use today, nearly 60 years later and is only beginning to be replaced by something more secure he did his job well. He was the first to admit that the password is hardly secure but there was nothing better at the time and since. RIP to one of the great pioneers in the history of computing.