In 1995, logging-in was simple. A username, a password and that’s it! Passwords were simple and re-using them not a problem because systems were so separated that even if a password was captured, it was unlikely it could be used to login another service of the same user. This was a time when your nerd-cousin’s best advice was: Don’t write your password on a sticky note.
Around 2000, when the internet happened, developers realized passwords should not be send in clear-text. A good thing happened: https everywhere! And a bad thing, which was enforcing passw0rd_Rul3z! which are hard to type for humans and easy to guess for computers.
When systems were hacked, passwords would be tried against a growing number of internet services and security problems became critical. Best advice from this time: Create a unique password for each service and password managers became really popular.
But password managers expose all passwords with a master password. How can you protect your account, even if your security info is compromised?
To mitigate, two-factor authentication (2FA) began appearing. Now, the user enters a login-name, a password and has to provide a code (One-Time-Password) that is generated for a single login session. These codes can be send (SMS) or generated by a device.
With increasing online activity, the number of scammers also increases. Their tactics include calling people to get them to login, use phishing emails and other tricks. On Youtube, you can watch many of such scams and these people should be ashamed of themselves.
More recently, biometric scans are used to log in. When a service asks for a passkey, your device retrieves it from a secure vault or keychain that is protected by the hardware. To unlock that vault, you authenticate with your face or fingerprint.
I’ve also seen systems that stopped asking for passwords all together. As an alternative, they send single-use codes to your inbox each time you want to login.
Yes, we are slowly moving away from one of the oldest relics of computers: P4ssw0rd$!
Written by Loek van den Ouweland on Dec. 3, 2025.