The Demise Of The Password
Although we hackers will sometimes deliberately throw away our passwords and then try to hack our own phones / WiFi systems for self-amusement, for many people, including the actual inventor of the password, Fernando “Corby” Corbató (1926-2019), passwords have become extremely burdensome and dysfunctional.
Sadly, Fernando (according to the internet) died on July 12th, and equally sadly, part of his legacy was the ordeal of his “having a three-page crib sheet to stay on top of his own 150+ passwords”.
We’re all used to being badgered by websites to use complex passwords with a minimum length and a minimum number of upper case characters, lower case characters, numerical digits and non-alphanumeric characters AND being told at the workplace to use different passwords than at other places AND being told to change our passwords regularly. The fact that somebody like Fernando had 150 passwords is not surprising.
However, there is some hope, as according to Alex Weinert of Microsoft, in his recent synopsis, “When it comes to composition and length, your password (mostly) doesn’t matter”. This may well sound counter-intuitive, but Microsoft’s own research suggests that inter-webs gurus should focus more on “multi-factor authentication (MFA), or great threat detection” rather than badgering the user.
The research goes into quite a bit of detail about passwords and concludes that the biggest threat to password security is when criminals obtain data from insecure ‘breached’ sites, in which case it would not matter if your password was written in hieroglyphics; it would be of no consequence at all. Another interesting conclusion was that making passwords so intractable encouraged people such as Fernando himself to write them all down, only for someone to rummage through their office desk (technically known as ‘dumpster diving’) and copy them.
Maybe the end of the password will now swiftly be upon us as technology enables biometrics such as ocular-based identification to be more widely used, but then again we’ve all watched those films where the protagonist scoops the eyeball out of a person’s skull to gain entry to a secure area.
It’s easy to get carried away about passwords and security hype, but it should not be forgotten that Fernando Corbató was an eminent computer scientist who pioneered ‘Time sharing’ on computers, as detailed in this Hackaday article: Retrotechtacular: Time Sharing.