Evolution of Password Policy
A password is a secret word or phrase that must be used to gain admission to a place. Passwords have been used since ancient times; the Roman military used them at the time of the Punic Wars. For computers, a password is a string of letters, digits, and other characters. A password made up only of numbers is sometimes called a Personal Identification Number (PIN).
Key Developments in Password Policy
- In 1961, the Massachusetts Institute of Technology (MIT) introduced the Compatible Time-Sharing System, which required users to log in with a password. This was the first system to implement password login.
- In 1972, the University of Illinois developed a password system where passwords were stored in plaintext. This was a widely used password system.
- In 1985, Unix introduced the crypt function. Passwords were now made more secure by hashing them with crypt.
- In 1991, Crack was introduced. This was the first password cracking tool. It allowed attackers to easily crack passwords that were not well protected.
- In 2003, the National Institute of Standards and Technology (NIST) issued a guideline for password complexity. This is where the requirement for a mix of uppercase letters, lowercase letters, numbers and special characters came in.
- In 2013, Edward Snowden leaked classified documents revealing the capability of the National Security Agency to crack many types of passwords.
- In 2015, NIST updated its guidelines to recommend 8-character-long passwords that require a mix of characters.
- In 2016, Yahoo announced a data breach, highlighting the need for stronger password security.
- In 2018, NIST recommended using passphrases instead of passwords. Passphrases are easier to remember and harder to crack.
- In 2020, Multi-Factor Authentication became popular. This required users to provide an additional form of authentication apart from a password.
Last update: August 13, 2023