The Time We Made Development Break Passwords
It was a simpler time. Before we’d lost our first hard disk crash to a trojan. Before we’d suffered our first denial of service attack from a botnet full of zombies. Before we learned to never click on unsolicited attachments. Thirty years ago, computers were a lot less complicated.
Sure they couldn’t do as much. In fact, you smart phone has more processing power, memory and storage than my first business computer.
But, they also didn’t get us into as much trouble back in the 1980’s.
I was working for WordPerfect Corporation supporting WordPerfect Library. It was a collection of utilities and a simple DOS Shell. (Graphical user interfaces for the PC were still years away.) One of the utilities was a file manager. A program that showed the files and folders (called directories at that time.) In addition to showing you a navigatable view of your hard drive, a very cool and innovative feature. File Manager, as it was called, also let you set passwords on files and directories.
This was a radical new concept. Networks were becoming more widespread and the idea that you would share the same set of directories with other people was a new concept. The programmer wanted to make the passwords case sensitive. I mean, why would you not? Everyone knows that passwords are case sensitive.
Except that our users were new to networks, new to email and new to security. They wanted to pick passwords that were words like “bookworm” or “ladyliberty” or “password.” If you say any of those passwords, you have no capitalization in your speech.
We were convinced that people would forget if they had used a capital or not. In DOS, the operating system for the PC back then, the operating system didn’t care about case sensitivity. Much like PC systems today, you didn’t have to worry about upper or lowercase in your file and directory names.
If you force them to be case sensitive users will screw it up. We’ll get flooded with calls and we’ll have no way to help them.
But, case sensitive is more secure.
It won’t matter. They will be so secure they cannot open their files. Case sensitive passwords are a terrible idea.
And he agreed. Actually, he didn’t so much agree with our logic as he agreed to make the passwords non case sensitive.
Thirty years later, I still remember that conversation, not for what it says about the products. WordPerfect ceased beign a company years ago. But, what it says about the time. We didn’t have to be quite so careful when we ventured outside our digital front door.
I kind of miss that.
Rodney M Bliss is an author, columnist and IT Consultant. His blog updates every weekday at 7:00 AM Mountain Time. He lives in Pleasant Grove, UT with his lovely wife, thirteen children and one grandchild.
Follow him on Twitter (@rodneymbliss)
Facebook (www.facebook.com/rbliss)
LinkedIn (www.LinkedIn.com/in/rbliss) or email him at rbliss at msn dot com