Better Than Summer Camp
By Ethan Elshyeb
Special to Santa Cruz Tech Beat
(Photo above: Ethan Elshyeb, programmer, and David Eyes, passQi founder, work at NextSpace. Contributed.)
August 8, 2015 — Santa Cruz, CA
When I turned 14 this year, I decided I was too old for summer camp. That’s how I ended up this summer at NexSpace, working as a programmer for the startup passQi. It also helped that my grandpa knew passQi founder David Eyes, and put in a good word for me.
I taught myself programming around eleven years old, and slowly gained more skills. But working with passQi was my first opportunity to work on a real application that has already gone to market. passQi is a mobile security solution which stores your passwords on your phone, rather than in the cloud, for enhanced security; then relays them to your browser using secure technology. As we’ve learned from LastPass and many others over the years, storing secure data in the cloud is not a legitimate or secure option. passQi works by using a secure AES key that only the host device and browser can know. It utilizes a browser bookmark to generate a QR code, which the device then scans to obtain a secure key, establish a connection, and transmit an encrypted password. In plain English, on any given site, you click a bookmark, scan the QR code that it creates with your phone, and passQi will log you in on a page, completely secure.
One of the interesting things that passQi does is allow you to back up your passwords to Dropbox and other services. Hmm, you ask. Isn’t that defeating the point of passQi? The truth, however, is that using this approach is far more secure than a solution such as LastPass, for two reasons. First, the passwords are not all in the same place, greatly reducing the amount of damage that can be done with a single attack. Secondly, for backups, we not only require users to use a passphrase with at least 8 words, we also use complex encryption involving several AES keys and hashes which would take a while to figure out even if you somehow managed to get the passphrase. Here’s one of the places where I came in: I created a tool which allows users to import and export to/from passQi and other password storage solutions, using the same secure encryption as the backups. This project was mostly completed during the school year, and I’ve been doing more awesome things this summer.
Every Thursday at 9:00 or so, I ride my bike to downtown Santa Cruz, where I buzz in to NextSpace. Up the stairs, I meet with David Eyes, my boss, to discuss and work on my projects. For the past few weeks, I’ve been making tremendous progress on a WordPress plugin which, among other features, would allow users to require the use of passQi to login as a two-factor solution, forcing an extremely high security standard for users and businesses who need to protect their work product privacy.
Three days a week, I’ve been riding up to UCSC to take an Intro to Programming Class, in which I am learning Java. UCSC lets high school students take college courses during the summer for half price. I had already taught myself quite a bit about Java before taking this class, and in the beginning, I found it relatively easy. Now, however, it’s getting to the point where I’m learning things about code that I had always just “used” without really realizing why or what it did. It’s also been helpful to learn more formal strategies for writing tight code, and to peer-edit code with other students.
Additionally, the location of UCSC is great; it’s just a few minutes away from two of my friend’s houses, where I sometimes stop by after class. All of these events together have led to what I’ve felt is a very satisfying summer; and working at passQi has been an amazing learning experience. In my opinion, this is better than summer camp.
Ethan Elshyeb, age 14, is a progammer at passQi this summer, and a student at Georgiana Bruce Kirby in Santa Cruz during the school year.
If you wish to republish this article, please follow these guidelines:
- Add “The following article by <name of author> was originally published in Santa Cruz Tech Beat” at the top of your copy of SCTB’s article and link that text to the original article in SCTB.
- If you follow the above guideline (#1), you are welcome to publish a couple paragraphs of teaser text and then “Continue reading in Santa Cruz Tech Beat.” and link that text to the original article in SCTB.
Learn more about our guidelines here.