CybersecurityA sixth-grader helps people with secure passwords

Password selection grows more difficult for the non-technical // Source: commons.wikimedia.org

It is cheaper than a couple of subway rides, more powerful than almost any hacker (except maybe the NSA). And, if you think about it, not so hard to remember.

For $4, Mira Modi, 11, daughter of Columbia University Earth Institute’s Vijay Modi and journalist Julia Angwin, will fix you up with a very secure password — actually a pass phrase of six words. She uses a well-known technique called Diceware that uses rolls of dice to select words at random from an encoded list.

Columbia U notes that the sixth-grader already has gotten a fair amount of attention for her enterprise, with an interview on NPR and stories in the New York Times, the ArsTechnica Web site, and other media.

“Her business is doing fabulous,” says her dad, who is a professor of mechanical engineering at Columbia University and a member of the Earth Institute faculty. “Her main issue right now is how to juggle the surge in demand with her schoolwork.”

“All passwords are Diceware generated and contain six words,” Mira says on her Web site. “I write the passwords by hand and do not keep a copy of what I have sent to you. The passwords are sent by U.S. Postal Mail, which cannot be opened by the government without a search warrant.” She also recommends you alter the pass phrase slightly after she sends it to you.

The system she uses was developed by Arnold G. Reinhold to create “strong passwords that are easy to remember but difficult for hackers to crack,” she says. “Passwords contain random words from the dictionary, such as: alger klm curry blond puck horse.” Six words are recommended — the longer the phrase, the tougher it is to hack.

Of course you can do this for yourself. But for the price, she is happy to save you the time involved.

Her parents have been an important influence on her enterprise.

Vijay Modi says he grew up inspired by steam engines huffing along the rails near his home and a steam-driven textile factory nearby, long before the Internet, e-mail, and cell phones. “My advice [to Mari] has always been ‘how to do it efficiently’ in less time. I am an engineer.”

Mira had been making passwords informally for a while, he says, before coming up with the idea for the Web site.

Her mother, Julia Angwin, is an investigative journalist at the independent news organization ProPublica and the author of Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance, published in 2014.

“My wife Julia has helped her out enormously with her interest in privacy, and the logistics to get the website running,” says Vijay Modi.

“This is my first business (other than occasional lemonade stands!),” Mira says on her Web site. “But I’m very excited about it and will be very responsible.”