2000 years of strong passwords

Passwords have been used for thousands of years. The Greek historian Polybius wrote an account in the second century BC of the Roman military distributing watchwords amongst their camp guards. The world has certainly changed a lot since then and we no longer need passwords to protect us from physical danger. They are still here today though and have proved their staying power.

Password authentication has always had its risks, and like most forms of security the problems arise from weaknesses in implementation, not from the logic of the system itself. In the modern world, computers and the internet have given us a new set of implementation risks. In ancient times you might have whispered your password to the sentry on duty to avoid eavesdroppers. Today you need to worry about being spied on when using public wifi systems, and making your passwords strong enough to protect you from automated dictionary attacks.

Memorizing strong passwords has always been a problem for people, the Romans used a tesserārius, a small block of wood, to record their passwords. Today the problem of remembering passwords is even more difficult. We have to memorize lots of different passwords, and they all need to be random strings that are very hard to remember.

Perhaps we can learn something from the Romans here: Write your strong passwords down and keep them somewhere safe. The real threat to password security in the modern age is online, not offline. A wooden tesserārius might not be practical today, but a piece of paper is.