PasswordSentry (PS)
was developed in 1999 by myself, DJ Abrams (BA and BSc, University of British Columbia). At that time
I was a web developer and consultant. I had a number of webmasters as clients who ran adult-orientated
websites. I offered web developmental services and security audits. Seems adult sites were (and continue to
be) subject to various forms of hacking and attacks. I rendered services to offset these attacks, and
implement measures to block future attacks. It soon became obvious that one of the most common form of
attacks were dictionary and brute force attacks: attempts to gain access to secure (members) areas by
guessing passwords, and often posting the passwords on password sites for others to use in a similar
manner.
The financial impact on website owners was gruesome.
Firstly, the cost of bandwidth. Password sharing drives up bandwidth which can be very expensive: driven
up by people who did not purchase access. Costing some websites hundreds of dollars a month, and in the
cases of larger websites, thousands of dollars a month. Crippling.
Secondly, the cost due to lost sales. Why purchase access to a website when you can just as easily find a
stolen password on one of thousands of password websites. Sure eventually you would spot the password sharing,
but not before the damage was done. And, as soon as you deleted the password, another one was discovered and
shared on password websites.
Seemed like a never ending story that one had to accept as the cost of doing business. But the cost was so
great, many websites went out of business. Those who hung in, spent an inordinate amount of money, time, and
headaches trying to stay ahead of the attackers. So, a number of our clients approached us for a solution. We
jumped at the offer, and in the summer of 1999, started coding the first version of PasswordSentry.
And, in late August of 1999, we released PasswordSentry Version 1.00. This was the beginning of
long story that persists today, 25 years later.
Story to be continued . . .
