How some of the world’s most brilliant computer scientists got password policies so wrong
November 18, 2024
The story of why password rules were recommended and enforced without scientific evidence since their invention in 1979 is a story of brilliant people, at the very top of their field, whose well-intentioned recommendations led to decades of ignorance. These mistakes are worth studying, in part, because the people making them were so damn brilliant and the consequences were so long-lasting.
The scientists in this case were Robert Morris and Ken Thompson. Thompson is credited as being a co-inventor of Unix and Morris is credited as a contributor. Morris left Bell Labs in 1986 to go on to a much less visible career at the National Security Agency. Thompson created the predecessor to the C language, won computer science’s highest prize – the Turing Award – in 1983, and later went to Google where he co-invented the Go language.1
Few of us have not been frustrated (or worse) by password policies. This piece covers their origin (and points to Ken Thompson, originator of UNIX, as mainly responsible).