11-year-old Mira Modi is cashing in on her knowledge of strong, easy-to-memorize passwords. She started her own online business earlier this month, selling hand-generated cryptographic passwords for $2 each!
“I’m a sixth-grade student in New York City,” Mira writes on her website. “This is my first business (other than occasional lemonade stands!). But I’m very excited about it and will be very responsible.” She also explains how Diceware, a decades-old password generating system, works: “You roll a die 5 times and write down each number. Then you look up the resulting five-digit number in the Diceware dictionary, which contains a numbered list of short words.”
The result, apparently, is a combination of five to eight words in a non-sensical string that is so random that it’s extremely difficult to crack. While a five-word string is breakable with “a thousand or so PCs equipped with high-end graphics processors,” an eight-word string “should be completely secure through 2050.”
Photo: Julia Angwin
“You can definitely make one yourself,” Mira adds. “I started this business because my mom was too lazy to roll dice so many times, so she paid me to roll dice and make passwords for her.” Mira’s mom, Julia Angwin, is an award-winning investigative journalist and author of the book Dragnet Nation. As part of research for her book, she employed Mira to generate Diceware passwords, and the sixth-grader realised that other people might be interested in the service too.
So she started making more six-word passwords and eventually decided to sell them for $2 apiece. But sales were slow at first, so she started the website to gain more attention. “I wanted to make it a public thing because I wasn’t getting very much money,” she said. “I thought it would be fun to have my own website.”
When an order comes in, Mira rolls a dice several times and looks up the corresponding words on a printed copy of the Diceware word list. She then writes the password string on a piece of paper and mails it to the customer. She suggests that they make a few changes once they receive it – like capitalizing a few letters or adding symbols – to ensure that she can’t steal their passwords. “People are worried that I’ll take their passwords, but in reality, I won’t be able to remember them. I don’t store them on any computer anywhere. As far as I know, there is only one copy of your password.”
Mira says that she’s sold about 30 passwords so far, and could earn $12 an hour if she worked on it full time. She herself uses Diceware passwords for a few important accounts.“I think good passwords are important,” she said. “Now we have such good computers, people can hack into anything so much more quickly. We have so much more on our social media. When people hack into that it’s not really sad, but when people try to hack into your bank account or your e-mail, it’s really important to have a strong password. We’re all on the internet now.”
Photo: Julia Angwin
Aside from being an entrepreneur, Mira is pretty much a regular 11-year-old – she’s into gymnastics and dancing. But her unique business does set her apart from her friends. “This whole concept of making your own passwords and being super secure and stuff, I don’t think my friends understand that, but I think it’s cool,” she said.
She hopes to learn more about digital security and hacking when she’s older, and perhaps even have a career in cryptography and operational security. The creator of Diceware himself has given her his vote. “I am tickled to hear this, and no, I haven’t heard of anything like it before,” he said of her business. “Obviously from a security perspective it is much better to generate your own Diceware passphrase in private, but it is unlikely she is working for the bad guys, and any effort to publicize the importance of strong passwords is for the good.”
via Ars Technica
