A Sixth Grader Is Selling Superstrong Passwords for $2

Photo: Eric Risberg/AP

This 11-year-old can help you become cryptographically secure.

In a world where anyone, government agencies and adulterers alike, can get hacked, a really, really strong password is invaluable. That’s why an 11-year-old from New York is selling cryptographically secure passwords for just $2 a pop.

Earlier this month, according to the blog Ars Technica, sixth-grader Mira Modi started crafting unique passwords by hand and selling them to people online. You can count on her password creations to be stronger than anything you would normally come up with, because she uses a method called “diceware.”

Created by Arnold G. Reinhold in the ’90s, diceware is a tried-and-true method of designing a password that’s tough for a computer to crack—but dead simple for a human to memorize. (The problem with our passwords is that they are typically the opposite: relatively easy for a computer to guess, but difficult for users to memorize.)

For how technologically innovative it is, diceware works in a relatively lo-fi way. You start by rolling a six-sided die five times to generate a string of numbers, which you then match to a numbered list of short and simple English words (16655 = clause, 16656 = claw, and so on). This is done a few times to create a random string of words, or a passphrase.

The longer the passphrase, the higher its “entropy” or randomness, and the stronger it is, because it’s harder for a computer to guess. A five-word diceware passphrase looks like this: alger gene curry blonde puck horse. (Reinhold recommends using at least six words, to thwart modern-day computers.)
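The dice-to-word lookup and the entropy arithmetic described above can be sketched in Python. This is an added example, not code from Modi or Reinhold: the function names are hypothetical, the word list is a constructed stand-in containing only the two entries quoted in this article, the operating system's random generator stands in for a physical die, and the guessing rate is an assumed figure.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                 # five rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 possible five-digit keys

def build_demo_wordlist():
    """Constructed stand-in list: placeholder words, plus the two real
    entries quoted in the article. Swap in a full diceware list for real use."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    words = {key: "w" + key for key in keys}
    words.update({"16655": "clause", "16656": "claw"})
    return words

def roll_die():
    """One fair die roll from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1

def passphrase(wordlist, n_words=6, roll=roll_die):
    """Roll five dice per word and look each five-digit key up in the list."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7776 entries")
    picked = []
    for _ in range(n_words):
        key = "".join(str(roll()) for _ in range(DICE_PER_WORD))
        picked.append(wordlist[key])
    return " ".join(picked)

def entropy_bits(n_words):
    """Each word is one of 7776 equally likely choices: about 12.9 bits."""
    return n_words * math.log2(LIST_SIZE)

def years_to_exhaust(n_words, guesses_per_second):
    """Worst-case time to try every passphrase at an assumed guessing rate."""
    return LIST_SIZE ** n_words / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    wl = build_demo_wordlist()
    print(passphrase(wl))
    for n in (4, 5, 6, 7):
        # 1e12 guesses/second is an assumed attacker speed, not a measurement
        print(n, "words:", round(entropy_bits(n), 1), "bits,",
              f"{years_to_exhaust(n, 1e12):.3g} years")
```

The strength comes entirely from the rolls being random and independent, so the word list itself can be public without weakening the passphrase.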

Modi writes every password by hand and then sends it to customers through the mail. Worried that’s not secure? Modi reminds customers that the government cannot open letters sent through the US Postal Mail without a search warrant. (Smart girl.) And what about Modi stealing your password and using it for her own gain? On her website, she recommends switching up the capitalization and adding symbols. Plus, she told Ars Technica, “In reality, I won’t be able to remember them all.”