You suck at passwords.
This isn’t a personal slur—the law of averages says that you have not chosen a password that can adequately defend your data. In 2014, the most common (and therefore worst) password found in leaked data was still “123456.” The second most common password is “password.” Even if you’re smarter than the average bear and chosen a password like “3*59B1tter3mpire!?” (which is not my password, don’t try to use it, your computer will blow up) that string of data, assuming you can even remember it, is still surprisingly vulnerable to brute-force attacks.
With that in mind, let this eleven-year-old show you how it’s done.
Sixth-grader Mira Modi has a genius business plan: artisanal passwords. For $2, she will send you a cryptographically secure password through the US postal service (theoretically secure against anyone without a warrant), which is not saved or stored anywhere except on a single slip of paper. Better yet, her cryptographic generation system involves Diceware—secure enough to be NSA-proof, and yet particularly easy to remember. Here’s how it works:
Look at the alphanumeric gibberish in the first paragraph. It looks secure, but it’s based on a variant of just two words. Remember that a hacker with decent resources can guess that password about a thousand times per second. According to Edward Snowden, the NSA can guess your password one trillion times per second. A two-word password, even with tricky extra characters added, is toast. Diceware, however, works by making you pick seven random words, in English, from a menu of nearly 8,000 words. You roll—or rather, Mira rolls—a combination of six-sided die, which generates a random number. This number corresponds with a random word in the Diceware dictionary. By picking seven truly random words, you get a password that can endure 27 million-years’ worth of NSA-level hackery.
Of course, the best way to generate a truly secure Diceware password would be to do it yourself. But, let’s be honest here—you’d probably screw it up somehow.