The First Password on the Internet

It was created in 1973 by Peter Kirstein:

So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password.

In fact this was the first password on Arpanet. It proved invaluable in satisfying authorities on both sides of the Atlantic for the 15 years I ran the service during which no security breach occurred over my link. I also put in place a system of governance that any UK users had to be approved by a committee which I chaired but which also had UK government and British Post Office representation.

I wish he’d told us what that password was.

Tags: history of security, Internet, passwords

Posted on January 14, 2025 at 7:00 AM • 15 Comments

Comments

Jan Groenewald • January 14, 2025 7:33 AM

He can’t. He’s still using it.

Brian • January 14, 2025 7:39 AM

1… 2… 3… 4… 5…?

Larry Seltzer • January 14, 2025 8:24 AM

What’s his birthday? What’s his cat’s name?

Reichert • January 14, 2025 8:49 AM

Joshua ?

Quidnam • January 14, 2025 9:19 AM

Perhaps he did (“password”)…

Who? • January 14, 2025 10:26 AM

—put a password on your life, no security breach will occur over your link.

How different was Arpanet/Internet half a century ago. It was much better than it is right now. When I first used this network, more than three decades ago, all was much better. Internet was a better place where people trusted on any other members of the community, people was [usually] clever and friendly.

Better people, and simple protocols easy to understand. Information was under our control, except perhaps the one stored in the Usenet.

I am getting old, perhaps, but I do not like how Internet is evolving.

Uthor • January 14, 2025 11:19 AM

But telling us the password would have been bad practice!

JimFive • January 14, 2025 11:57 AM

He can’t tell us, it’s still in use.

Arno Nym • January 14, 2025 12:15 PM

Obviously, the password was “hunter2”!

https://bash-org-archive.com/?244321

John Graham-Cumming • January 14, 2025 12:26 PM

This report from 1976 (https://nsarchive.gwu.edu/sites/default/files/documents/5793285/National-Security-Archive-Peter-T-Kirstein.pdf) from Peter Kirstein shows on page 149 a sample dialog with the machine in which the following happens:

*** UCL FAX-MESSAGE SYSTEM VERSION X.04
YOUR NAME : KIRSTEIN<CR>
PASSWORD : XYZ<CR>
LOGIN O.K.

… TYPE ? CR FOR HELP

So, perhaps it was XYZ?

B. D. Johnson • January 14, 2025 12:35 PM

Probably “swordfish”

M Ramsey • January 14, 2025 1:42 PM

Professor Kirstein’s contributions were outstanding. However, I’ll admit to being confused by the notion of “The First Password on the Internet”. I worked on development of the PDP-11-based Arpanet ELF gateways for CDC and Cray computers starting in ’74. These ran a heavily modified version of RSX-11M for which I wrote the network facing Telnet server, which included a login program with user numbers and passwords. This was hardly cutting edge stuff, IIRC, the dial-in Telnet gateways all had user numbers and passwords, and all of the systems connected to Arpanet back to my first uses in ’72 or so had user names/numbers and passwords (except, notoriously, the ITS systems at MIT). In fact, the one recent innovation in password technology I know I did use was a one-way hashing function which I believe was first publicly described in ’72 or so.

Me • January 14, 2025 1:51 PM

If odds bear out, it was “123456”.

EvilKiru • January 14, 2025 3:16 PM

Bruce: I, on the other hand, am more impressed that Peter continues to maintain operational security, because in the end it doesn’t matter what the password was. Just that it was never cracked.

Chris • January 15, 2025 4:59 AM

but how do we know it was never cracked ? The resource only being accessed using the password seems tautological.

The First Password on the Internet

Comments

Leave a comment Cancel reply