The first passwords began to be introduced in the 1960s, when computer systems began to develop, and managing access to them became more complicated. One example is the CTSS (Compatible Time-Sharing System), which was created at the Massachusetts Institute of Technology (MIT).
Previously, on computers like those used at MIT in the 1950s, there was no need for passwords because access to the system was limited to a few users in a tightly controlled environment. As computers began to be used by a wider range of users, the need for security methods like passwords emerged.
The introduction of passwords in the 1960s faced resistance from the hacker community. Hackers saw passwords as a tool for administrators to control users, which went against their philosophy of freedom in using computers – a philosophy that also extended to the freedom of access to information. At that time, hackers were not at all interested in building security systems. Most considered them unnecessary, and their goal was to focus on freedom of use, not on restrictions imposed by administrators.
"Hey, I see you chose the password - MUMBLE…"
As a result of the introduction of passwords by MIT, Richard Stallman and other hackers decided to "fight for freedom" and found a way to "read and decode" the password database – Richard Stallman managed to do this just by looking at the contents of the database!
"I figured out how to decode the passwords. By looking at the database of encoded passwords, I could figure out what each person would actually type to log in."
Stallman and his colleagues discovered the users' passwords and sent emails to each of them, informing them of their password and suggesting that they should use empty password and instead of entering a password, they simply press ENTER – simultaneously conveying the clear message that the whole security system was a joke.
Richard Stallman | Revolution OS
The first passwords used in 1961 were stored in a file called passwords.txt, and to make matters worse, this file was available to all users.
USERNAME1: ENCODED_PASSWORD1
corbato: vhfruw
stallman: dwwdfn
gosper: jrrgoh
How were these passwords encoded? They were very simple ciphers, similar to Caesar cipher, where the shift of characters in the password was constant.
Original password: "secret" → Encoded: "vhfruw" (shifted by +3).
But that's not the end of the adventures with the CTSS system. The mentioned password compromise took place in 1961, and the first password leak occurred in 1966, when a group of physics students from MIT conducted the famous operation, proving the weakness of security systems of the time. They printed the entire contents of the shared system (CTSS) on a long paper roll, revealing, among other things, users' passwords. This was also one of the first documented cases of "hacking" – the students exploited a vulnerability in the system's security that allowed them to display all active system data.
At some point, the introduction of strong protection methods became essential, and today, the issue of appropriate security concerns not only hackers or administrators but each of us. Since the 1960s, much has changed. Today, the hashing function, which provides one-way data conversion, has become one of the primary ways to protect data.
In the next article, we will focus on how to create secure passwords, discuss best practices in password creation, and answer the question of what makes a password secure and why.