Choose your language:
How many passwords do you have? More to the point, how many unique sites require you to have a password?
While some sources estimate the average number of password-protected sites as between 25 and 40, a quick look at my password utility shows I have over 250 username and password records. Even assuming some of those are duplicates or obsolete, I have well over 100 email, bank, news sites, social networks, etc. to remember and maintain.
Although we are advised to keep strong, unique passwords for every site we visit, the majority of online users have five or less unique passwords. This is a recipe for disaster if only one of your accounts (especially your email) is compromised.
Seeing as the two major security conferences, Black Hat and DEF CON, were held last week in Las Vegas, it seemed an appropriate time to look back at the history of the password.
“Flash” and “thunder”
The first references to passwords come from the military. Known as watchwords, a call and response would help sentries on watch to identify friend from foe.
In 413 B.C. during a battle between Syracuse and Athens, the Athenians used their watchwords to make sure their dispersed troops could regroup. However, the Syracusans overheard the response to the watchword and were able to surprise the Athenians. This is a very early example of social engineering!
The author Polybius recorded that Roman legions would pass a wooden tablet with a watchword from one watch shift to the next, each time placing a scratch. During the American Revolution, George Washington recorded each day’s parole (watchword) and countersign (response) in his journal.
A very famous call and response in military history is from the D-Day landing during World War II. The Allies’ challenge was the word “flash” and the appropriate response was “thunder.” The reason why the word “thunder” was used relates to a very old linguistic concept: the shibboleth.
There is a passage in the Bible that refers to the fugitives of Ephraim trying to escape the men on Gilead. As they crossed the river, the Gileadites challenged the Ephraimites to say the word “Shibboleth.” If they were unable to say it correctly, they were slain. According to this passage in Judges 12:6, 42,000 fugitives were slain in this way.
The word shibboleth is now used to describe any of these dialectical vagaries that can be used to separate people of two distinct groups that may otherwise speak the same language but have different ways of pronouncing some words or phrases.
Throughout history, these tests have been used to distinguish insiders from outsiders, usually resulting in slaughter.
The D-Day response of “thunder” also falls into this category. The “th” sound and “r” in thunder were harder sounds for German speakers to say, even if they had overheard the call and response.
If you think about it, the use of a shibboleth in this way could be considered a two-factor authentication.
While military call and response is a form of password, an early example of a password as a key for a lock comes from the story of Ali Baba and the 40 Thieves. While the exact origin date of this story is unknown, as it is not part of the original One Thousand and One Nights, also known as The Arabian Nights, it first showed up in print in the early 18th century.
In the story, the words “open sesame”were used to open the magical cave holding all the treasures. Now centuries later, programmers are using the power of voice recognition software in smart devices and Bluetooth to make the same use of a verbal password to open doors.
First password and first hack
Most researchers agree that the Computer Time Sharing System (CTSS) at MIT was the first computer system (1961) to implement a simple password for access. Graduate students and researchers used the CTSS to share access for computing power. If you want to see a 30-minute documentary from the time, I highly recommend watching this clip.
As groundbreaking as this system was, it also resulted in the first cases of hacking. A Ph.D. researcher at MIT, Allan Scherr, needed more time than his four-hour allotment. To get around this limitation, he requested the computer to print all of the passwords. Scherr used these to get more time and handed out these passwords to several others as well, one of whom left taunting messages for the computer lab’s director.
Swordfish, 00000000 and more
There are many other really cool things about passwords, but here are just a couple of other quick things to check out:
Do you have any good password stories? Please share your stories below (but not the password) or check out one of our previous articles about throwback tech. Also, if you like this article, make sure to share it on your social media channels with the hashtag #TBTech.
A self-styled storyteller, Alexander Lucas loves to share his vast knowledge of tech, innovation and design trivia. TEKsystems’ resident video designer is also an avid history buff and writes about technology innovation through time.