Friday, October 30, 2015

For $2, this 11-year-old girl will create you a virtually uncrackable password.


Think you shouldn't leave your online security up to a roll of the dice? This 11-year-old says otherwise.


Meet Mira, a sixth-grader in New York City who enjoys gymnastics, dancing, and, oh yeah, sticking it to would-be cyber-attackers.

Mira is the driving force behind Diceware Passwords, a clever service that builds you your very own, ultra-secure password for just $2.

Diceware builds passwords by, you guessed it, literally rolling dice. Photo by Joe Christian Oterhals/Flickr.

A lot of people think the strongest passwords are long strings of random numbers, letters, and symbols, like $%hf73afd#3. But random gibberish like that is almost impossible to remember. You might even be tempted to write it down somewhere (raise your hand in shame if you have a sticky note above your computer with all of your passwords on it), which of course defeats the entire purpose.

The Diceware system uses actual dice to create wacky looking passwords like "cleft cam synod lacy yr wok."

Designed by Arnold G. Reinhold in 1995, Diceware creates "passphrases," or strings of six completely random words from the dictionary. Five-digit numbers created by rolling a die five times correspond to items from a master list of over 7,000 uncommon English words. Rinse and repeat to create the full passphrase.
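The roll-to-word lookup described above, sketched in Python as an added example (not code from the article or from Diceware itself). It assumes software rolls from the operating system's CSPRNG in place of physical dice, and it uses a constructed stand-in word list; all function names are hypothetical.

```python
import math
import secrets

DICE, SIDES = 5, 6
LIST_SIZE = SIDES ** DICE          # 7776 keys, "11111" through "66666"

def roll_key():
    """Simulate five die rolls with the OS CSPRNG and return a key like '43146'."""
    return "".join(str(secrets.randbelow(SIDES) + 1) for _ in range(DICE))

def key_to_index(key):
    """Read the key as a base-6 number (digit - 1) to get its 0-based list row."""
    if len(key) != DICE or any(c not in "123456" for c in key):
        raise ValueError(f"not a five-dice key: {key!r}")
    index = 0
    for c in key:
        index = index * SIDES + int(c) - 1
    return index

def index_to_key(index):
    """Inverse of key_to_index; used here to build the stand-in list."""
    digits = []
    for _ in range(DICE):
        index, r = divmod(index, SIDES)
        digits.append(str(r + 1))
    return "".join(reversed(digits))

def load_wordlist(lines):
    """Parse 'key word' lines. A short list breaks lookups and a repeated
    word lowers the entropy per word, so both are rejected."""
    table = {}
    for line in lines:
        key, word = line.split()
        key_to_index(key)              # validates the key format
        table[key] = word
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("expected 7776 distinct keys and words")
    return table

def passphrase(table, n_words=6):
    """Five fresh rolls per word, six words by default."""
    return " ".join(table[roll_key()] for _ in range(n_words))

def entropy_bits(n_words=6):
    """Bits of entropy when every word is drawn uniformly from the list."""
    return n_words * math.log2(LIST_SIZE)

# Constructed stand-in list (w0000 ... w7775), not the real Diceware words.
SAMPLE_LINES = [f"{index_to_key(i)} w{i:04d}" for i in range(LIST_SIZE)]
```

Five six-sided dice give 6^5 = 7,776 possible keys, so a six-word passphrase carries about 77.5 bits of entropy as long as every roll is independent and unbiased.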

Behold: random words! Photo by Chris Halderman/Flickr.

It's a little odd, but super effective. Diceware passwords are nearly impossible to crack, but surprisingly they aren't all that hard for humans to remember. If yours were "cleft cam synod lacy yr wok," for example, just imagine a musical clam wearing lacy underwear, being cooked in a wok. Now you've got a password you aren't likely to forget anytime soon.

Still, this isn't exactly the most practical method in the world. And that's where Mira comes in.

She first learned about the method while her mom was doing research for a book on cybersecurity. Now, she does all the legwork for people who want a strong password but don't have the time, including rolling the dice herself to create a custom password for each customer. She then mails the password out in an adorable handwritten letter, which, by the way, is way more secure than email. (On her website, Mira reminds customers that U.S. mail can only be opened with a search warrant.)

Sounds legit to me.


Mira's generation will be one of the first to have nearly their entire lives documented online.

Kids start using the Internet really early these days. Photo by Franklin Park Library/Flickr.

They'll grow up with nearly every photo of them ever taken living on Instagram or Facebook. Every interaction with a friend stored inside email or some messaging app. Their entire financial lives documented from the moment they earn their first dollar.

But Mira isn't so sure young people understand the gravity of that.

She told Ars Technica, "This whole concept of making your own passwords and being super secure and stuff, I don't think my friends understand that."

And she's right, but it's not just young people. Turns out, all of us are pretty terrible at creating our own passwords. According to Gizmodo, five of the top 10 most common passwords in 2014 were variations on "1234." The second-most-common password: "password."

Good job, everyone.

Hopefully, Mira's story will get people of all ages thinking more about what we're doing to stay safe online.

She may only be able to roll so many dice in a day, but by setting a good example for her peers (and us grown-ups who have started using the same password for Instagram that we do for our online banking), she can have an even bigger impact.


You can read a lot more about Mira in Ars Technica.

Thumbnail photo by Holly Victoria Norval/Flickr.


