Passwords are a critical component of modern cybersecurity. They protect everything from personal email accounts to businesses’ sensitive data. With the growing importance of online security, it is essential for businesses to have a better understanding of the history of passwords and how they have evolved over time.
80% of data breaches achieved by targeting organizations’ web servers can be attributed to stolen credentials. – Data Breach Investigations Report 2022, Verizon
This World Password Day, a day created to raise awareness of the need for people to use strong credentials to protect themselves, we will dive into the history of passwords, starting from the earliest known ones to current passphrases and MFA, and how they have affected business security.
If you’d first like to discover all the ways you can protect your business data and accounts, download Impact’s eBook: What Makes a Good Cybersecurity Defense for a Modern SMB?
Additionally, we encourage our readers to reset their passwords and use robust passphrases and MFA to protect company and personal information on this World Password Day.
Spoken Code Words: The Beginning of Passwords
One of the earliest known uses of passwords dates to the time of the Roman Empire. Roman soldiers would use code words known as “watchwords” to identify fellow soldiers and disguised enemies. These passwords would be changed daily to prevent unauthorized access.
A simple form of password protection, it became a precedent for using passwords as a security tool.
Fast forward a few millennia, and the first password as we know it today was created by Fernando Corbató in 1961. Corbató, an MIT computer science professor, created the password so that different people could have unique access to a time-sharing computer he had built.
Currently, Corbató understands how keeping track of numerous passwords can be a nuisance for the average user.
“I don’t think anybody can possibly remember all the passwords that are issued or set up. That leaves people with two choices. Either you maintain a crib sheet, a mild no-no, or you use some sort of program as a password manager.” – Fernando Corbató, creator of the modern password
The Evolution of Passwords
As technology advanced, so did the sophistication of password protection. In the 1980s, as hacking activities increased, password policies became more standardized. They required users to use a combination of uppercase and lowercase letters, numbers, and symbols.
While passwords became harder to crack, they were also more difficult to remember, leading users to write them down, continue using weak passwords despite the warnings, or reuse them on different accounts.
This problem of password reuse and weak passwords persists even today. According to a NordPass study, the most used passwords in the US in 2022 were:
If you or your employees are using any of these passwords currently, changing them as soon as possible will improve the overall security of your accounts and organization.
The Rise of Passphrases
To combat the problem of weak passwords, the use of passphrases has become increasingly popular in recent years.
What’s a Passphrase?
A passphrase is a string of words or characters that creates a longer and more complex password, making it harder for cybercriminals to crack. Because it is made of words, a passphrase is easier for a user to remember than a password.
For example, a password may look like “AppUn106*h6,” but a passphrase would be “Wolv3sRunInBigPacks45.” In this example, the user used the sentence “wolves run in big packs” to create a memorable passphrase.
“We should use passphrases. Passphrases leverage things that we know are paired, like the letters in a word.” – National Institute of Standards and Technology (NIST)
The NIST also recommends adding another layer of security to accounts by using multi-factor authentication (MFA). MFA is a security measure using multiple methods of authentication such as codes, biometrics, or authenticator apps.
Implementing Proper Password Management Policies
To protect data and ensure proper password management, businesses should implement the following policies:
- Use strong passwords or passphrases: Passwords should be at least 16 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Alternatively, use passphrases, which are longer and more complex combinations of words or characters.
- Enforce password policies: For strong identity and access management, businesses should require users to change their passwords regularly and prohibit the use of weak or commonly used passwords.
- Use multi-factor authentication (MFA): An additional layer of security for your accounts, MFA requires your employees to provide more than one form of authentication. At Impact, employees use Microsoft Authenticator, which sends a new code to them each time they log in to confirm their identity.
- Implement password management solutions: A password manager app can help employees create and manage strong passwords, reducing the risk of password reuse. These apps encrypt passwords, hold them securely, and help users store a unique password for each account.
- Educate employees: With cybersecurity awareness training, businesses can teach their staff about proper password management practices, including the risks of weak passwords, the importance of password hygiene, and how to create strong passwords.
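The first two policies above can be enforced in code when a password is set. The following is an added example, not code from Impact or from the original article: it accepts a password only if it is at least 16 characters long, is not a commonly used password, and either mixes all four character classes or is a passphrase. The four-word passphrase threshold, the leetspeak normalization, and the short deny-list are assumptions made for illustration.

```python
import re

MIN_LENGTH = 16   # minimum length from the policy list above
MIN_WORDS = 4     # assumption: a passphrase has at least four words

# Constructed sample deny-list; a real deployment would load a full
# list of commonly used and breached passwords.
COMMON = {"password", "qwerty", "letmein", "welcome", "admin"}

# Undo simple character substitutions so "P@ssw0rd" matches "password".
LEET = str.maketrans("013457@$", "oieastas")

# A word starts with a letter and continues with lowercase letters or
# digits, so "Wolv3sRunInBigPacks45" splits on its capital letters.
WORD = re.compile(r"[A-Za-z][a-z0-9]*")


def normalize(pw):
    """Fold case, drop trailing digits and symbols, undo leetspeak."""
    base = pw.lower().rstrip("0123456789!@#$%^&*()-_=+.?")
    return base.translate(LEET)


def check_password(pw):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if normalize(pw) in COMMON:
        problems.append("commonly used password")
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    words = [w for w in WORD.findall(pw) if len(w) >= 2]
    # Either all four character classes or a multi-word passphrase.
    if not all(classes) and len(words) < MIN_WORDS:
        problems.append("needs all four character classes or a 4+ word passphrase")
    return problems


if __name__ == "__main__":
    for candidate in ("AppUn106*h6", "Wolv3sRunInBigPacks45", "Password1234567!"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Run against the article's own examples, the 11-character password "AppUn106*h6" is rejected for length, while the passphrase "Wolv3sRunInBigPacks45" is accepted even though it contains no symbol.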
Passwords have come a long way since their early days in the Roman Empire, but they remain a critical aspect of cybersecurity for businesses today. As technology continues to advance and cyber threats evolve, consider implementing the tips above to reduce the risk of stolen credentials and data breaches.
By implementing strong password management policies, businesses can secure critical proprietary and customer data. Using a passphrase and MFA will add another shield around your company and personal accounts.
Strong passwords are great, but a business needs a holistic security strategy. To learn more about what one entails, download Impact’s eBook: What Makes a Good Cybersecurity Defense for a Modern SMB?