Authentication, the process of confirming the identity of an individual or the integrity of data, has been a fundamental aspect of human interaction since ancient times. From the earliest civilizations to the digital age, humans have constantly developed new ways of verifying that things are how they appear. On the flip side, humans have also constantly created new ways of fooling these systems. In fact, the earliest law against forgery was passed in 80 BCE by the Romans. In this comprehensive exploration, we will trace the history of authentication, from the ancient seals of Mesopotamia to the innovative blockchain technology of today.
3500 BCE – Evidence of Authentication
The earliest authentication mechanisms we know of are the cylinder seals found in Mesopotamia (now largely modern-day Iraq). These cylindrical objects, typically made of stone or metal, featured unique engraved designs or symbols. When rolled onto clay tablets, cylinder seals left impressions that served as marks of ownership or authorization. They weren’t exclusive to royalty either. Although the examples from the Middle East are the oldest, thousands of these seals have been found all over the world, and it’s speculated that there are thousands more still buried, which means they were pretty much universal at all levels of society. As ancient communication moved from clay tablets to papyrus and paper, cylinder seals were replaced with seals made from wax or stamps with ink. Often signet rings would be used to imprint the seal into the wax or dipped in ink and used to press the design onto paper.
~150 BCE – The First Passwords
According to Polybius, Roman sentries would use spoken watchwords to regulate access to specific areas. These watchwords would change on a daily basis. However, passwords likely have origins that date back even further, although it is difficult to trace their true beginning as they were spoken and not written, as they are today.
57 AD – Hanko Seal
In AD 57, Japan introduced the Hanko Seal, a carved stamp used to denote authority. These have been in constant use by the ruling class for nearly two thousand years since, and in the last 160 years, their use has expanded to all adults in Japan. Although the Japanese government is reportedly phasing out the use of Hanko in many situations, it is still widely used Individuals and corporations can choose from three common types of Hankos:
- Jitsu-in: Used for official purposes like signing a contract or buying a house.
- Ginko-in: Exclusively used for financial transactions, like setting up a bank account or applying for a loan.
- Mitome-in: a less ‘official’ stamp used for everyday tasks such as receiving parcels or stamping restaurant bills
1069 AD – Signatures
The practice of signing documents with handwritten signatures became popular in medieval Europe and slowly turned signet rings into a fashion choice. Individuals would affix their names or initials to legal contracts, letters, or decrees as a form of authentication and endorsement. The first recorded signature of a historical figure is attributed to El Cid, a medieval Spanish nobleman and military commander, in 1069. During the 1600s, signatures became more widespread as they were commonly used on paper documents. In 1677, the English parliament passed a law that certain contracts must be signed to be legally binding, which further cemented the importance of signatures in legal documents.
1800s – Biometric Authentication
Biometrics may seem like a recent technology due to its increasing use in civil identification and consumer electronics, but it has been used for thousands of years with the earliest accounts dating back to 500 BC in the Babylonian Empire. However, the first record of a full biometric identification system was in France in the 1800s, when Alphonse Bertillon developed a method of specific body measurements for the classification and comparison of criminals. Fingerprinting emerged as a means of identifying criminals and as a signature on contracts in the 1880s. There are debates over who instigated fingerprinting for identification, but Edward Henry is credited with developing the fingerprinting standard called the Henry Classification System.
Biometrics grew exponentially as a field of research in the following century, and in the late 1900s, the digital age opened up new opportunities for biometrics. . Speech recognition technology, voice command, iris recognition, and facial detection technology were developed. Hand geometry systems were used at the 1996 Atlanta Olympics. By the 2000s, biometric authentication recognition algorithms were patented and implemented commercially, even at large-scale events like the 2001 Super Bowl.
Over the past decade, biometric technology has rapidly advanced and become a part of everyday life (just think of how you unlock your phone). As biometrics become more common, the use of identification proxies may cease to exist. When you can use yourself as proof of your own identity, you won’t have to remember passwords, carry keys, or even hold a pen to sign your name.
1961 – Digital Passwords
In the early days of computing, passwords were designed to protect individual users on multi-user systems and networks. The first computerized system for individual user protection was developed by Fernando Corbató at the Massachusetts Institute of Technology (MIT) on the Compatible Time-Sharing System (CTSS), which is widely regarded as the birth of the digital password. However, the first password-based data breach occurred just a year later when PhD candidate Alan Scheer printed out passwords to gain more time on the CTSS for his research simulations.
In 1974, Robert Morris developed one-way encryption that translated passwords into numbers, known as hashing, which is still used today. Five years later, Morris and Ken Thompson coined the term “Salt,” which means adding random characters to a stored password to make them harder to crack. This is also a common practice today.
As networked computing became more prevalent in the 1970s and 1980s, passwords became more widely used to control access to resources in multi-user systems and networks, such as the ARPANET, the precursor to the internet. With the advent of the internet in the 1990s and 2000s, passwords became an essential part of digital security, used for everything from email accounts to online banking. As online services proliferated, the need for strong, unique passwords became even more important.
2008 – Blockchain
Blockchain technology, introduced in 2008 with the launch of Bitcoin, aimed to solve the problem of authentication and trust in digital transactions and currencies. Blockchain is a decentralized and immutable ledger that records transactions across a network of computers. Using cryptographic hashing and consensus algorithms, blockchain ensures the integrity and security of data without the need for intermediaries. This makes it ideal for applications such as digital identity verification, supply chain management, and financial transactions.
2000s – Multi-Factor Authentication
Over the past two decades, multi-factor authentication (MFA) and its predecessor two-factor authentication (2FA) have been used in various forms. Although AT&T patented 2FA in 1998, it didn’t begin to catch on until the mid-2000s. Initially, consumers found it inconvenient to use and believed that a single form of authentication, such as passwords, was enough to keep their accounts safe.
The evolution of MFA accelerated when smartphones became popular in the mid-2000s. With smartphones, people had access to more convenient 2FA solutions, such as receiving authentication codes via SMS or email, which made the whole idea of 2FA more appealing.
In early 2016, President Obama wrote an editorial for the Wall Street Journal in which he declared that passwords alone were not enough to protect consumers and businesses. Before long, smartphones began supporting biometric authentication techniques that accelerated the evolution of MFA once again. This enabled consumers and businesses to begin using a fuller range of MFA methods to secure their accounts.
The future of authentication
As technology continues to advance, cyber threats are becoming more sophisticated, which means that authentication methods must also become more robust. However, it’s important to maintain user convenience. One trend that is likely to gain traction is the move towards passwordless authentication methods, such as biometric authentication and hardware-based security keys. These methods aim to enhance user experience by reducing reliance on passwords, which can be stolen or exploited. Advances in areas like behavioural biometrics and continuous authentication will allow for seamless and secure verification processes, which will help organizations stay ahead of emerging threats.
However, amidst the promise of enhanced security measures lies a looming challenge posed by quantum computing. Quantum computers can break traditional encryption methods that currently safeguard sensitive data and authentication mechanisms. Quantum computers leverage quantum bits or qubits, which allow them to perform complex calculations at unprecedented speeds. This computational power could make existing cryptographic algorithms obsolete, putting the security of digital systems worldwide at risk. As a result, researchers and cybersecurity experts are racing to develop quantum-resistant cryptographic methods that can withstand the threat posed by quantum computing. This will ensure the continued integrity and confidentiality of authentication processes and sensitive data in the face of evolving technological landscapes.
From the humble seals of ancient Mesopotamia to the revolutionary quantum computing technology of the 21st century, the story of humans trying t authenticate things is as long as the story of humanity itself. This challenge has always existed, and the relentless march of technological advancement means it is likely to continue existing forever. As technology continues to evolve, it is crucial to recognize the importance of authentication methods in securing our identities and information. By understanding the historical context and technological advancements, we can better appreciate the significance of authentication in our interconnected world and embrace the opportunities it presents for enhancing security, privacy, and trust.
For help with securing authentication methods in your organisation, contact OmniCyber Security today.