
"They became a feature of computer users' lives in 1961, with MIT's Compatible Time-Sharing System (CTSS). Before then, sysops were real sysops. All jobs went through them, one at a time, and access by others was forbidden by laws written on blocks of stone. There are many, mostly sysops, who consider the introduction of direct user access as an abomination that has brought plague and chaos. They may well be right."
"In the past couple of weeks alone, three new wrinkles in password security have appeared. Too-clever-by-half compilers can optimize away protection against time-based password attacks, password managers that are supposed to be architecturally invulnerable to compromise are less than perfect after all, and if you ask your AI to generate a strong password, you may get something that looks right but isn't. You might not ask an LLM for a password, but if your password manager offers one, how's that generated?"
Passwords originated in 1961 with MIT's CTSS, replacing centralized sysops and becoming a core part of computing. Passwords are now widespread, old, and showing growing weaknesses. Recent issues include compiler optimizations that remove time-based protections, flaws in password managers that were assumed invulnerable, and AI-generated passwords that may appear strong but are insecure. Reliance on major providers like Apple and Google creates digital sovereignty risks because access can be revoked. Proper specification, implementation, and user education can make passwords secure, but current practices, user behavior, and emerging AI agent requirements increase overall risk.
Read at Theregister