MIT announced that Fernando Corbato, a pioneer in computer security, has passed away aged 93. Corbato’s death, though it is sad news, provides an opportunity to reflect on the importance of his work, and specifically on one of his revolutionary ideas: the password. Here’s how a nearly forgotten (RIP) physicist shaped your internet access.
Paving the way for your personal computer and inventing the computer password was Dr. Fernando Jose “Corby” Corbato.
While managing access codes has evolved from scribbling on scraps of paper to selecting from among the best password manager software on the market at any given time, the idea is so common that it seems incredible that anyone would have to invent it. But every technology has to start somewhere and the humble password, now used for everything from your email account to cloud security, started at MIT in the 1950s.
Securing Multi-User Systems
Dr. Corbato spent his entire career at the Massachusetts Institute of Technology (MIT). He originally joined the physics department to study for a doctorate in condensed matter physics, but (luckily for us) soon got distracted by the machines he was using to perform his calculations.
The faculty at MIT was already using computers by 1950, but they were labor-intensive devices. The computer was a cumbersome lug because the monolithic machines could only work on one problem at a time. Only one problem at a time meant that there was always a massive queue of jobs waiting to be processed, and a lot of processing time was lost.
Dr. Corbato’s solution was to develop an operating system called the Compatible Time-Sharing System (CTSS). The sharing system allowed large processing tasks to be broken into smaller components, and for the computer to give small slices of time to each task.
Even with the primitive computers that Dr. Corbato was working on in the 1950s, computations were so fast that none of the researchers would realize that they were only using a portion of the available processing time.
CTSS did create a problem, though. With multiple users sharing one computer, files had to be assigned to individual researchers, and available only to them. The availability was what led Dr. Corbato to develop the password system. In a system now familiar to everyone, every user was given a unique name and password, and their files stored in a way that they were available only to one user.
“Putting a password on for each individual user as a lock seemed like a very straightforward solution,” Dr. Corbato told Wired in 2012.
The Rise of the Password
CTSS was a groundbreaking advance, and it didn’t take long before the system had a considerable influence. It led directly to the development (also at MIT) of Multics, another multi-user system that relied on passwords to secure files. Multics, in turn, formed the basis for the Linux operating system that is common today.
The influence of Corbato’s work was such that the password system was quickly adopted in almost every field of computer design. When the internet was first invented at CERN, for instance, it seemed completely natural to use passwords to grant researchers access to computing resources. After the development of the PC in the 1980s, the password became an essential part of business life, and eventually everyday life.
Today, though, some are questioning whether the password is the best way of protecting personal data in our inter-connected world. Though the concept itself is sound, there is a massive problem with the process that we use for our passwords: too many people use simple, short passwords that are easy to guess. Initiatives such as world password day have sought to raise awareness of this, but the problem remains.
Are Passwords Obsolete?
These problems have led to the development of systems that don’t rely on passwords to secure user data. Fingerprint and face recognition are slowly becoming common, even in consumer devices. But the truth is that the password is not likely to disappear any time soon.
The reason is simple: advanced technologies like face and fingerprint recognition are currently too expensive to implement on everyday systems. Though specific high-value systems (like internet banking or corporate intranets) have not relied on passwords for years, it’s unlikely that you’ll need a fingerprint to log into your WordPress account for some years to come. That’s not to say, though, that you shouldn’t secure your WordPress site as much as you can.
One of the biggest problems with people and their passwords is that they use the same one for, say, their Pinterest account and their internet banking. That’s a terrible idea because if one is hacked, the others will be compromised as well.
So while we’ll have to accept that passwords will still be with us for a while, we can also improve the way we work with them thanks to password management software innovations. The password managers, for instance, help you generate long, secure, unique passwords for every site (and account) you have, and keep track of all of them for you. Tech companies are also seeking to improve the security of passwords through new standards like FIDO2, which builds on existing technology rather than trying to re-invent the wheel.
The Bottom Line
Looking back at the past 70 years, it may be tempting to say that the work of Dr. Corbato has been too influential. Here’s why. Though the password has helped to keep all of our IT systems secure over that time, it’s now a common feature of everyday life. Because passwords are easy to do and common we take them for granted.
Many forget why the password was invented by Dr. Corbato in the first place. It was for safety. The importance of passwords cannot be overestimated in keeping us safe online. Because of the ease of the way that has come before us, we sometimes get lazy, and use short passwords, or re-use the same password for multiple systems.
Not that this is Dr. Corbato’s fault, of course. Not protecting our online experiences would be our own fault. Dr. Corbato’s invention has been the most reliable way to keep data safe since the 1950s, and will no doubt form the basis for whatever comes next. As Prof. Fadel Adib, from the Media Lab at MIT, said in his tribute, “our world would be very different without his research and that of his descendants. He inspires in his work and his legacy.”
Let’s not forget this legacy of safety; use and protect your passwords.