The History of Authentication in ICT
30 September 2019
What is Digital Authentication?
Digital authentication refers to the process by which a user’s identity is established and presented electronically. This is usually in order to gain access to an information system. Digital authentication is ingrained in our everyday lives, however, this was not always the case.
The 1960s was the first time that people started thinking about authentication. During this decade, computers were enormous and very slow when compared to the technology that we have available today. Despite this, cyber security was becoming more of a priority.
Password protection, an authentication type that is still used heavily today, was first created during the 1960s. Its weakness is that any password-based authentication system needed to store passwords somewhere. This is to enable it to validate them against user input. In turn, this meant that it was easy to view passwords as they were all stored in a clear text file.
Following the weaknesses that were found with password authentication in the previous decade, hash functions were developed. This created a way to use password authentication and use a secure password store which could not be accessed easily.
As cyber security became more sophisticated, hackers also found new ways to overcome the new levels of authentication. Hackers soon found success targeting hash function algorithms with ‘brute force’ and it was clear that cyber security issues still existed.
The 1980s were a turning point for cyber security. This decade brought personal computers and advancements in hardware and software. Furthermore, computers were becoming commonplace in both businesses and households. The main change in digital authentication during this time was the use of the one-time password.
One-time password systems came with their own set of challenges. For example, for one-time passwords to succeed, they need to be unpredictable and securely delivered to the user. Creating an algorithm that can consistently create a unique password was one of the many challenges faced in the 1980s.
‘Brute force’ hacking was still a large cyber security issue in the 1990s. A brute-force password attack uses the speed of computers to try every iteration of a password on a login page. CAPTCHA, which stands for “Computers Automated Public Testing to tell Computers and Humans Apart” was created and implemented in the 1990s. This meant that with each authentication attempt, a CAPTCHA solution is required. CAPTCHA solutions are still heavily used today. For example, Google reCAPTCHA is used by many companies. This required the user to select images containing a particular feature from a grid.
Multi-factor authentication started to be used heavily in the noughties. This is where a user is required to provide more than one authentication before being granted access. This makes it considerably harder for hackers to gain unauthorised access.
In the last 10 years, there has been a cyber security revolution. The vast majority of businesses now have a website and 18.2% of all sales are now made online. With so many businesses and people needing to keep their personal information safe online, multifactor authentication is very popular. Online banking, email accounts, personal accounts and many others now use two-factor authentication as a minimum.
The rise of smartphones in the last decade has also brought about some huge changes to authentication. Biometric authentication has become much cheaper for businesses to use. Apple has taken advantage of this, launching Touch ID in 2014 and Face ID in 2017. Fingerprint recognition is used in other authentication capacities, such as door entry systems.
Despite new authentication technologies, many organisations and individuals still use a singular password. When used correctly, singular password protection can be an adequate level of security. Despite this, many users and organisations do not follow password best practices. This had led to countless password database hacks over the last 10 years and many businesses have suffered as a result.
In our age of growing connectivity and industrial digitisation, cyber security is a top priority for businesses. If you would like to discuss cyber security, please get in touch today and chat to a member of our experienced team.