The Untold History of How the First Computer Password Was Created and Almost Immediately Stolen

It was 1961, and the dawn of time-sharing computers was upon us. The MIT Computation Center had a brand-new behemoth: the IBM 7090, a machine that cost millions and was shared among hundreds of researchers. There was only one problem: anyone could log in as anyone else. The solution seemed simple—assign each user a secret word.

The first password in computing history was born. It was also almost immediately stolen.

The Problem That Created Passwords

Before passwords, computer access was physical. You signed up for a time slot, walked into a room, and used the machine alone. But the Compatible Time-Sharing System (CTSS) at MIT changed everything in 1961. Multiple users could now work simultaneously from remote terminals, each getting a tiny slice of the 7090’s power.

The system kept track of how long each person used the machine—for billing purposes, mostly. But without identification, anyone could access anyone’s files. A graduate student named Fernando J. Corbató, who later won the Turing Award, proposed a simple fix: a secret identifier for each user.

Corbató didn’t invent passwords for security. He invented them for accountability.

The First Password Breach

Within weeks of implementation, someone did the unthinkable: they printed all the passwords in the system.

Here’s the technical detail that made it possible. The CTSS stored passwords in a plain-text file. There was no encryption, no hashing—just a list of usernames and their associated secret strings. And because the system was new, the command to print the password file had no access controls.

A researcher, curious or careless, typed the command to list the file’s contents. Out came everyone’s password, right there on the terminal.

At that moment, the entire user community knew every other user’s secret. The password system, barely weeks old, had already failed.

What They Did About It

There were no security protocols for this. No incident response team. No breach notification. The MIT team did something pragmatic: they told everyone to change their passwords immediately.

But more importantly, they learned the lesson that echoes through every data breach today: storing secrets in plain text is catastrophic. The CTSS team introduced the first rudimentary protection: they made the password file readable only by a privileged system account. It wasn’t encryption—it was just file permissions—but it was a start.

The Forgotten Innovation That Survived

What most people don’t know is that Corbató’s team also invented the concept of the "one-way function" years before it became standard. The CTSS manual from 1965 describes a system where passwords were "scrambled" so the original couldn’t be recovered from storage. This was the precursor to modern hashing.

But the original 1961 system didn’t have that. It had plain text. And that’s why the first password was stolen—not by sophisticated hacking, but by someone reading the file.

The Password Paradox

Corbató later reflected that passwords were always a compromise. They had to be memorable enough for humans to type on clunky terminals, but secure enough to prevent theft. He watched as decades of security research tried to solve the same problem his team created.

The irony? The first password theft proved that securing shared systems is fundamentally hard. Sixty years later, we still struggle with the same issues: weak passwords, stolen credential files, and insider threats. The CTSS breach was a microcosm of every data breach to follow—just without the headlines.

Why This History Matters

The first computer password wasn’t designed for security. It was designed for accounting. The first theft wasn’t a malicious hack—it was a curious researcher. These details matter because they remind us that security is an afterthought, jury-rigged onto systems built for other purposes.

Corbató’s team fixed the immediate problem with file permissions. They invented scrambling. But they never solved the fundamental tension: secrets that humans can remember are secrets that computers can leak.

The next time you type a password, remember: you’re using a 60-year-old patch, invented to track billing, broken on day one, and never fully repaired.