Mira Modi, a sixth-grade student in New York City, who started her cybersecurity business about a year ago, and since then has managed to grow her business selling unique passwords for a measly $2. “This is my first business, other than occasional lemonade stands! But I’m very excited about it and will be very responsible. My password business has been profiled in my mother’s book, Dragnet Nation, and in a New York Times video,” Mira writes on her website.
Mira uses a method dubbed Diceware to come up with passwords for her clients. The method, according to her, works like this: “You roll a dice 5 times and write down each number,” Then, she says, one has to look up the resulting five-digit number in the Diceware dictionary, which contains a numbered list of short words.
Diceware, she says, is a system for building strong passwords that was developed by Arnold G. Reinhold. “The Diceware method creates strong passwords that are easy to remember but extremely difficult for hackers to crack. Passwords contain random words from the dictionary, such as alger klm curry blond puck horse,’ she says.
According to Ars Technica she’s sold 30 passwords in her first month of business “This whole concept of making your own passwords and being super secure and stuff, I don’t think my friends understand that, but I think it’s cool,” the 11-year-old was quoted as saying by Arts Technica.
On her website she mentions the trigger behind starting the business comes from her mother, tech journalist Julia Angwin, who, she says, was simply too “lazy to roll dice.” She said her mom paid her to roll the dice and make passwords for her. While she started doing that, she also realized the potential for business. “Then I realized that other people wanted them, too,” she says.
“Buying a password seems crazy. But trying to make your own passwords is even crazier. C’mon – admit it, your passwords could be better. Instead of 12345 or password, your passwords could be longer, stronger, and more unique,” she says.
“That’s where I come in. Using a proven methodology, I build long, strong, memorable passwords using strings of words from the dictionary that I select using dice. This method has been endorsed by no less an authority than the XKCD comic,” she says.
Passwords need two characteristics to thwart hackers. First, they must be unique – meaning not available in any of the publicly available lists of previously hacked passwords. Second, they must contain a lot of “entropy” – which roughly means that it would take a powerful computer a very long time to guess the password. “Basically, a high entropy password is a long password,” she says.
Studies have shown that most people are not very good at thinking up unique, long passwords on their own. So, that is why Diceware is believed to be a good method for passwords when one really wants to be secure – such as the passwords for e-mail and financial accounts.
The Diceware creator recommends that one should use six words for their passwords, or five words plus a character) because five words are breakable with a thousand or so PCs equipped with high-end graphics processors. She says criminal gangs with bonnets of infected PCs can marshal such resources. Six words may be breakable by an organization with a very large budget, such as a large country’s security agency. “Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030,” she says. Obviously, people will buy for more safety and security.