While investigating the first computer password, Wired came across what is supposedly the earliest documented case of password theft.
Passwords are very important. It's something we're all aware of, but we still sometimes choose bad or easy to crack passwords because they're easier to remember. No matter how many times we're reminded to change our passwords often and to never choose something obvious, many people use the same bad passwords as thousands of others ('password,' '123456,' 'qwerty,' or 'abc123' to name a few of the popular ones). That said, our passwords can only take us so far before we must rely on the systems we're trusting with our information to keep intruders out. As we've seen from the increased amount of breaches over the last year, not all companies employ strong enough security and it seems this is nothing new.
Wired this week carries an interesting story on what was apparently the world's first computer password. The story centers around MIT and a massive time-sharing computer called CTSS. CTSS was accessible by multiple different people, so passwords for each individual were a 'no brainer.' CTSS's password system was used for individuals accessing the computer but also to ensure people didn't spend more than their allotted time on the machine. Of course, as we all know, one's allotted computer time is never enough, so one sneaky PhD researcher decided to find a way to bump his usage time. His solution? He committed what is believed to be the first case of computer password theft by printing off everyone's passwords and then logged in as other users.
"There was a way to request files to be printed offline by submitting a punched card," Wired quotes Dr. Allan Scherr as saying. "Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing."
Scherr didn't just keep the passwords for himself -- he also distributed the list among some of the other CTSS users so they could get some extra computer time, too. He left for a job at IBM in the mid-60s and no one at MIT knew about his password theft until he confessed 25 years later. After so much time had passed, Scherr's antics in 1962 didn't really matter. There's also the fact that three years after he stole the passwords, CTSS was hit with a bug that presented every user with a list containing everyone's password when they logged in. Oops. You can read the full story over on Wired.