11‑year‑old sets up cryptographically secure password business

An 11-year-old girl from New York has set up her own business selling cryptographically secure passwords, using a technique known as diceware.

An 11-year-old girl from New York has set up her own business selling cryptographically secure passwords, using a technique known as diceware.

Even today, so far into the future that the entire Back to the Future franchise is now set in the past, we’re still struggling to come up with kind of unique and uncrackable passwords that this technological and interconnected age demands.

Instead, as a study earlier this year revealed, we’re ever-reliant on the ‘classics’ – popular, predictable passwords that are extremely easy to remember. While certainly convenient, they’re not advisable because as a result of their simplicity, they offer very little by way of security.

The argument most people make is that multiple complex passwords are too hard to remember, which is why many people fall back on the most basic of constructs, like 123456; password; qwerty; baseball; drago; and football.

However, one entrepreneurial young girl is offering a novel solution to this with the help of some dice. Mira Modi, a sixth grade student based in New York City, has set up a business offering customers “long, memorable passwords” at the very affordable price of $2. Mira, by the way, is only 11-years-old.

“I started this business because my mom was too lazy to roll dice so many times, so she paid me to make roll dice and make passwords for her,” she states. “Then I realized that other people wanted them, too.”

Her mom, incidentally, is Julia Angwin, an award-winning investigative journalist who has been reporting on privacy for most of her professional career. Security, it appears, runs in the family.

“This whole concept of making your own passwords and being super secure and stuff, I don’t think my friends understand that, but I think it’s cool,” Mira said in an interview with Ars Technica earlier this week.

“This whole concept of making your own passwords and being super secure and stuff … I think it’s cool.”

She later adds: “I think [good passwords are] important. Now we have such good computers, people can hack into anything so much more quickly.

“[And] we post a lot more social media – when people hack into that it’s not really sad, but when people [try to] hack into your bank account or your email, it’s really important to have a strong password. We’re all on the internet now.”

How diceware works

The technique she uses for generating cryptographically secure passwords is known as diceware, which was developed by computer expert Arnold G. Reinhold in 1995. It is generally accepted as being one of the best ways of creating entirely random and memorable password.

To begin, a dice is rolled five times, with each numbered result documented. This then leaves you with a code, such as 12345. This result is already categorized in a dictionary, next to which is a word (which is ‘apathy’ in this instance).

DiceYou then repeat this process six times and then band all the words together. You now have at your disposal an entirely bespoke and very long password that even the most powerful of computers will struggle to crack.

Add a random character at the end and you’ve got an even stronger password, such as: apathy/sew/fungal/title/larch/maul/%.

A bright future for Mira

Whatever she ends up doing, it is likely that Mira has in front of her a very successful future. Digital security is an interest she says, so too hacking. As for her small business, as she acknowledges on her website, the model currently underpinning her service is lacking in a real USP – anyone can adopt the diceware technique.

However, there is something charming about this particular offering that makes it appealing, as exemplified by the fact that each uniquely generated password is handwritten by the youngster and then sent to customers by US Postal Mail.

This, she tells us, cannot be opened by the government without a search warrant. Moreover, this is only copy of the password, as Mira doesn’t duplicate or store these uniquely generated passwords on her computer or anywhere else.

So far she has racked up 30 transactions, but after a considerable amount of press attention, there is every chance that her evenings after school are going to be busy responding to orders.

“Buying a password seems crazy,” she notes. “But trying to make your own passwords is even crazier. C’mon – admit it, your passwords could be better.

“Instead of 12345 or password, your passwords could be longer, stronger, and more unique. That’s where I come in. Using a proven methodology, I build long, strong, memorable passwords using strings of words from the dictionary that I select using dice.”

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center