Legacy of Fernando Corbató, inventor of the computer password, should be gone but not forgotten
On July 12, Fernando Corbató, the inventor of the computer password, passed away at age 93. His death should mark an important shift in internet security, where his greatest contribution may well end up being left in the dust. As stories of data and security breachers dominate headlines, people are rethinking what they are sharing online and how that information is protected. Passwords, at least how Corbató envisioned them, simply aren’t cutting it anymore.
In the distant past, passwords actually made sense. Most individuals had computers in their homes that they would share with others. They used passwords to protect their personal account, but there was substantially less personal information stored on them. Today, as people have accounts for everything, from shopping to social media, users are expected to remember an abundance of passwords.
While working as a researcher at MIT, Corbató created the password as a solution to protect the access of confidential files on shared systems. At the time, it was only in use for programmers and researchers, and it proved to be a simple solution. Years later, Corbató expressed his disdain for the modern password process, saying that the number of passwords each individual must remember has “become kind of a nightmare."
Corbató’s assessment of the modern password is astute. According to a 2018 study by LastPass, the average user currently has to remember 191 passwords. To reduce the risk of a data breach, every account should have a unique, complex password, yet studies show that around 80% of people reuse the same password across multiple platforms. As most passwords use personal information or a pattern, it is extremely easy for hackers to guess them.
If a user decides to create unique, complex passwords for each account, they become impossible to remember on their own. This causes many people to turn to password managers. Although they make it easier to create and remember unique passwords, they also make it easy to steal information, as everything is contained in one place. These issues are forcing some companies to turn away from passwords completely, favouring alternate security practices such as biometrics.
Biometrics, which use unique features such as fingerprints or face patterns to replace other identification methods, are becoming commonplace in everyday technology. From office spaces to mobile devices, biometrics are frequently favoured as a safer alternative to passwords. Since biometric data is commonly stored on devices, rather than on the internet, a lost device nullifies the data. The data also can’t be accessed remotely. Another benefit to using biometrics is that information is highly encrypted, making it nearly impossible to replicate.
Biometric identification solves many of the problems faced by password usage today. Users no longer have to remember multiple passwords as they can simply use a personal, unique feature. Certain biometric security technologies, such as facial recognition, can provide continuous recognition as well. This means that if you step away from an account without logging out, unauthorized users will not be able to access the account. It also takes less time to access accounts using biometrics: a 2018 eBook published by LoginRadius showed that 34% of people use three to four attempts to log in to their accounts, significantly reducing the convenience of secure passwords.
While Corbató’s invention did provide us with a simple solution for security, as technologies change, our security practices must be updated. As Brett McDowell stated in the Wall Street Journal, "It's the only piece of technology from 50 years ago [that] we're still using today."
Passwords have stood the test of time and continue to be heavily relied upon, but this doesn’t change the fact that it’s time for technology to move on. We have a solution to the many issues caused by passwords readily available right now. As we remember Corbató for forever changing how we use computers, it’s finally time to start protecting our data using newer, and more secure, ways.