How a nearly forgotten physicist shaped internet access today 

Machine Learning   |   
Published January 1, 2020   |   

Massachusetts Institute of Technology (MIT) announced that Fernando Corbato, a pioneer in computer security, has passed away aged 93.

Corbato’s death, though it is sad news, provides an opportunity to reflect on the importance of his work, and specifically on one of his revolutionary ideas: the password.

That’s right, he invented the password. While managing and remembering passwords has evolved from scribbling on scraps of paper to selecting from among the best password manager software on the market at any given time, the idea is so common that it seems incredible that anyone would have to invent it. But every technology has to start somewhere and the humble password, now used for everything from your email account to cloud security, started at MIT in the 1950s.

Securing multi-user systems

Dr. Corbato spent his entire career at MIT. He originally joined the physics department to study for a doctorate in condensed matter physics, but (luckily for us) soon got distracted by the machines he was using to perform his calculations.

The faculty at MIT was already using computers by 1950, but they were labor-intensive devices. This was partly because the monolithic machines could only work on one problem at a time. This meant that there was always a huge queue of jobs waiting to be processed, and a lot of processing time was lost.

Dr. Corbato’s solution was to develop an operating system called the Compatible Time-Sharing System (CTSS). This allowed large processing tasks to be broken into smaller components, and for the computer to give small slices of time to each task.

Even with the primitive computers that Dr. Corbato was working on in the 1950s, computations were so fast that none of the researchers would realize that they were only using a portion of the available processing time.

CTSS did create a problem, though. With multiple users sharing one computer, files had to be assigned to individual researchers, and available only to them. This was what led Dr. Corbato to develop the password system. In a system now familiar to everyone, every user was given a unique name and password, and their files stored in a way that they were available only to one user.

“Putting a password on for each individual user as a lock seemed like a very straightforward solution,” Dr. Corbato told Wired during an interview in 2012.

The rise of the password

CTSS was a groundbreaking advance, and it didn’t take long before the system had a huge influence. It led directly to the development (also at MIT) of Multics, another multi-user system that relied on passwords to secure files. Multics, in turn, formed the basis for the Linux operating system that is common today.

The influence of Corbato’s work was such that the password system was quickly adopted in almost every field of computer design. When the Internet was first invented at CERN, for instance, it seemed completely natural to use passwords to grant researchers access to computing resources. After the development of the PC in the 1980s, the password became an important part of business life, and eventually everyday life.

Today, though, some are questioning whether the password is really the best way of protecting personal data in our interconnected world. Though the concept itself is sound, there is a huge problem with the way that we use it: too many people use simple, short passwords that are easy to guess. Initiatives such as World Password Day have sought to raise awareness of this, but the problem remains.

Are passwords obsolete?

These problems have led to the development of systems that don’t rely on passwords in order to secure user data. Fingerprint, face recognition and other biometrics are slowly becoming common, even in consumer devices. But the truth is that the password is not likely to disappear any time soon.

The reason is simple: advanced technologies like face and fingerprint recognition are currently too expensive to implement on everyday systems and come with their own host of issues, too. Though certain high-value systems (like Internet banking or corporate intranets) have not relied on passwords for years, it’s unlikely that you’ll need a fingerprint to log into your WordPress account for some years to come. That’s not to say, though, that you shouldn’t secure your WordPress site as much as you can and check regularly for breaches and other infiltrations of your data.

One of the biggest problems with people and their passwords is that they use the same one for, say, their Pinterest account and their Internet banking. That’s a really bad idea – if one is hacked the other is compromised as well. Not surprisingly, password ‘crossover’ was one of the leading causes of damaged brand reputation in 2019.

So while we’ll have to accept that passwords are still with us for a while, we can also improve the way we work with them thanks to password management software innovations. The aforementioned password managers help you generate long, secure, unique passwords for every site (and account) you have, and keep track of all of them for you. There are many password managers that can help you create secure passwords for each account.

It’s important to choose a password manager that fits your needs. Perhaps you prefer to use your desktop for online accounts, then it is important to choose a manager that offers a desktop app, like Dashlane, or perhaps you are looking to also pair it with secure file storage. Whatever your needs, be sure to review each password manager’s features to choose the best one for your situation.

Tech companies are also seeking to improve the security of passwords through new standards like FIDO2, which builds on existing technology rather than trying to re-invent the wheel.

The bottom line

Looking back at the past 70 years, it’s tempting to say that the work of Dr. Corbato has been too influential. Here’s why. Though the password has helped to keep all of our IT systems secure over that time, it’s now such a common feature of everyday life that we forget how important passwords are in keeping us safe online. It can sometimes feel like we need a password for everything, and that’s why we sometimes get lazy, and use short passwords, or re-use the same password for multiple systems.

Not that this is Dr. Corbato’s fault, of course. His invention has been the most reliable way to keep data safe since the 1950s, and will no doubt form the basis for whatever comes next. As Prof Fadel Adib, from the Media Lab at MIT, said in his tribute, “our world would be very different without his research and that of his descendants. He inspires in his work and his legacy.”