FusionAuth Logo

World Password Day 2024

Passwords Are History

Made with ♥ by FusionAuth

As developers, you are caught in a cosmic tug-of-war. On one side you want to protect your users' accounts. On the other side, you're dealing with users who set their passwords to "password" and wonder why their bank accounts are suddenly funding a llama sanctuary or buying Robux.

Passwords should be easy. And yet they aren't. Now it's more complicated than ever to balance security, ease of use, and like wtf is OAuth… amiright?

January 2012
3900 BCE

Encryption - Ciphers & Cryptography

The first recorded instance of encryption was in Menet Khufu, an ancient city that bordered the Nile. Researchers have found inscriptions inside the tomb of Egyptian Noble Khnumhotep II, who lived around 3900 years ago. The scribe used a simple code of hieroglyphic substitution, changing one symbol for another to obscure the meaning of the inscriptions.

The message conceals a formula for pottery glaze which was used on clay tablets

January 2012
1920s

Speakeasy Code Words

On January 17th, 1920 the United States banned alcohol in a period called Prohibition. People created speakeasies, illegal drinking establishments that flew under the radar. To stay open in secret, speakeasies used code words to allow entry, similar to the Romans thousands of years prior. Some keywords included “swordfish, open sesame, and 42”

January 2012
1960s

First Demonstrated Online Password

Fernando Corbato demonstrated the first password in an online system in 1961 for the MIT Compatible Time Sharing System (CTSS) (at MIT). Using a password felt like a straightforward solution to allow individual users to keep a private set of files.

The passwords would also limit the amount of time that they could spend on the system.

 In 1966, graduate student Allan Scherr, fed up with the limits on his time available on his computer time, discovered he could print out the master password file on the system so that he could access other user accounts. And thus, the first password was hacked.

Curious if your passwords have been exposed?

Check out haveibeenpwned.com

January 2012
1970s

Unencrypted Password

Earlier versions of Unix used a password file, `/etc/passwd` to store all account information on a user, including hashed passwords. This data could be displayed by running cat /etc/passwd.

In the 1970s salts were introduced. They make it more difficult for unauthorized users to determine the plain text value of passwords in the /etc/passwd file by adding extra complexity to passwords before they are hashed and stored.

In the mid 1980s, password security was further enhanced by storing the password hashes separately in a file readable only by root called /etc/shadow. And now you relive the glory days of poor password security by getting a $cat /etc/passwd shirt for free by downloading and installing FusionAuth!

fusionauth tshirt
January 2012
1976

Public Key Cryptography

Asymmetric cryptography, or public key infrastructure (PKI) emerged as a secure authentication technique. PKI was initially classified, and became public in the early 1990s, playing a big role in authentication.

January 2012
1980s

“Passwords” Make the Mainstream

In the 1980s, as passwords made the mainstream, so did the rise in hacking. The scope of the problem was so great that in 1985 the U.S. Department of Defense recommended the creation of the Department of Defense Password Management.

At that time, an eight character password containing letters and numbers could withstand six months of attack over a 300-baud modem.

January 2012
1984

One-time Passwords

One time passwords were developed by Leslie Lamport in 1984, an early example of passwordless authentication.

January 2012
1994

The World Wide Web Consortium

Sir Tim Berners-Lee founded the World Wide Web Consortium (W3C) at MIT/LCS to “shepherd the web, by developing open web standards.”

January 2012
2019

WebAuthn is Created

The Web Authentication API (WebAuthn) is developed and recommended by the W3C to strongly authenticate users through an authenticator, such as platform authenticators, roaming authenticators, or Near Field Communications (NFC). Logging in through a device is commonly referred to as using a passkey.

January 2012
Today

Passwords on the Brink of Extinction

Passwords are more vulnerable than ever. In 2023, any six character password string containing any mix of letters, numbers, and symbols was susceptible to being brute force hacked instantly.

As the problem grows, platforms are requiring more complex passwords, adding layers on top passwords, or dropping passwords altogether for other methods, including multi-factor authentication, social sign on, passkeys, and more. World Password Day was created in 2013 by Intel to raise awareness about password security, and why it’s so harmful to businesses and developers.

As developers, you have more considerations than ever – you don’t want your users to feel like they are playing the password game when creating an account, after all, do you?

So, dear developers, let’s raise our coffee mugs (or beer glasses) to World Password Day. May your code be bug-free, your APIs RESTful, and hope that your users enjoy a password free future.

If all goes well, hopefully you won’t have to answer any more questions from your parents on how to reset their passwords or use a “password manager”.

Important Password Statistics You Should Know by 2024

81%

Of company data breaches are caused by weak passwords.

555M+

Stolen passwords on the dark web since 2017.

99.9%

Attacks blocked by multi-factor authentication.

336M

Users affected by a Twitter Bug.

The Future is Passwordless

If you are looking to modernize your login experience, check out these resources we’ve put together:  

Sources & Reference
1

A Brief History of Cryptography • Cypher

2

Privileged Passwords • Beyondtrust

3

A Concise History of Public Key Infrastructure • cdn.ymaws

4

The First Password To Be Hacked • FusionAuth

5

Password Statistics You Should Know • financesonline

6

1985 called. They want their passwords back! • tulane.edu

7

A Brief History of Passwords • dashlane.com

8

A Reminder We're Still Using Crackable Tech • cnet.com