Why I Don’t Know My Password

For the better part of a decade, I employed a mnemonic password system to remember every password for every website that required one.

In early 2020, I deleted every password that mattered and replaced them with a randomly-generated string of characters (comprising capital letters, lower-case letters, numbers, and symbols).

I use an open-source password manager called Bitwarden that creates the passwords and auto-logs me into websites that require them.

Additionally, I use a program called Authy, which backs up two-factor authentication codes to the cloud. This avoids needing my email address or my phone.

Now, it doesn’t matter if I’m logging into Facebook or the Washington Post because while I usually know my username, I definitely don’t know my password. But once I log into Bitwarden, it is pre-configured to know when and where to input the correct login credentials. All I have to do is click a button to tell Bitwarden to do it.

Authy comes into play if the website (or I) want to verify I am the only person authorized to use that account. This is in place on everything from Gmail to PayPal to my blog. And if I don’t have my phone on me, I can still safely log into everything.

You should use password management in this age of Russian hacking, especially if and when using easy-to-guess passwords that might include dictionary words. Password managers such as Bitwarden, LastPass, 1Password, etc. will create and store your hard-to-guess website passwords and you only need to know the master password to access the application.

As for two-factor authentication, that might not be for you. But if you’re frequently (or rarely, for that matter) logging into websites or apps that can control your money or identity, then you should definitely set it up.


Stop Your Smartphone From Telling Burglars Where You Live

Photo of child.
Photo by Pieter Vieu. Used with permission.

Did you know that every photo and video you take — and share on Facebook, Instagram, and other apps — from your smartphone is also sharing the exact latitude and longitude of the location where the photo was taken, enabling hackers, burglars, and pedophiles to know where you live?

No joke.

Because today’s smartphones are preinstalled with GPS technology (which powers your maps and Foursquare apps so you always know where you are), the location it reports is also attached as metadata to every photo or video your device records.

The fix is easy: turn off the GPS “feature” for your camera and video, keeping it on for the apps that need location information. The instructions are different for Android and other operating systems and you can learn more here.

Cheers to JO Social Branding for the reminder.


Password Manager Sxipper Shuts Down

The End of Sxipper

Nearly 18 months after installing Sxipper as a free add-on to my Firefox browser, which helped me memorize my username, password, last name, address, and other fields for any type of form I encountered across the web, I lament its end with the introduction of Firefox 4.

Sxip Identity founder Dick Hardt elaborates:

By providing users with a graphical interface that enabled them to click on the information they wanted to share to existing websites rather than having to type it in, the transition to an identity protocol such as OpenID could be seamless to the user.

…The ease of use in filling in forms and logging into sites that Sxipper pioneered has yet to be duplicated by any of the competitive products. A high bar was set, and I hope for the sake of internet users everywhere, that the lessons Sxipper learned are remembered and become part of everyone’s internet experience, and that a little bit of Sxipper continues to live on.

I’m not skilled in developing applications and I hope people smarter than me can collaborate to build upon Sxipper’s success and create a wonderful password and form management system for the evolution of Firefox.

Autofill seems to do what I need for now.


Memorize Your Web Password with Mnemonics

If a website form asks you to register and sign in with a username and password, slap yourself on the head if you duplicate a password from another website.

Go on, admit it. We’ve all done it once upon a time.

If you recognize such behavior as yours, however, stop it right now.

Stop recycling passwords and stop duplicating passwords.

I have no idea how many sets of usernames and passwords are associated with me across the social web, but the important takeaway is I have a different password for every single site. Name the site, and if I’m there I use a different password. Moreover, I can be anywhere in the world on any public or private computer and without reading a piece of paper or scratching my head I always type in the correct password on the first try.

Create a password memory system with mnemonics.

Every time you visit a new site and are asked to create a password, or if you already have a password on an existing site, type in a preconfigured base of capitalized and lowercase letters, numeric digits, and keyboard symbols (ensure it’s nothing in a dictionary) — along with additional characters specific to the website.

Say what, you ask?

Imagine your preconfigured base is !em0Nade.

That was created by substituting an exclamation point for the letter l, substituting a zero for the letter o, and capitalizing the letter N.

Lemonade becomes !em0Nade

If you need to create a password, write in that base and add additional letters, numbers, or symbols either before, after, or in the middle. The placement of the additional characters is up to you, but the placement and substitution should be the same for every password on every site.

Here are five examples for five different sites requiring passwords:

Facebook: !em0NFkade
Twitter: !em0NTrade
LinkedIn: !em0NLnade
Yelp: !em0NYpade
Google: !em0NGeade

Look at those five examples, and see if you can understand how placement and substitution are always the same. Add a comment below if confused.

Whatever you do, do not use that system.

Create your own system and it will never fail you.

I suggest you have a different string for your webmail program, and you have an even tougher string for your online banking.
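The five passwords above follow one rule, and this added example (not the author's code) reproduces them from it and counts how many characters any two of them share, next to a generator for the kind of random password described in the 2020 post at the top of this page. The rule itself (first and last letter of the site name inserted after the N) is inferred from the five examples, and all function names are assumptions.

```python
import secrets
import string

# The page's base "!em0Nade", split where the site-specific characters go (assumed reading).
PREFIX, SUFFIX = "!em0N", "ade"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)

def mnemonic_password(site: str) -> str:
    """Insert the site's first letter (upper) and last letter (lower) after the N."""
    name = site.strip()
    if len(name) < 2 or not (name[0].isalpha() and name[-1].isalpha()):
        raise ValueError("rule needs a name that starts and ends with a letter")
    return f"{PREFIX}{name[0].upper()}{name[-1].lower()}{SUFFIX}"

def shared_positions(a: str, b: str) -> int:
    """Count positions at which two equal-length passwords hold the same character."""
    return sum(x == y for x, y in zip(a, b))

def random_password(length: int = 20) -> str:
    """Random string with capitals, lower-case letters, numbers and symbols."""
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    alphabet = "".join(CLASSES)
    while True:  # redraw until all four classes are present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def compare(sites):
    """Return (fewest shared positions among mnemonic passwords, same for random ones)."""
    mnemonic = [mnemonic_password(s) for s in sites]
    rand = [random_password(len(mnemonic[0])) for _ in sites]
    def fewest(pws):
        return min(shared_positions(a, b)
                   for i, a in enumerate(pws) for b in pws[i + 1:])
    return fewest(mnemonic), fewest(rand)

if __name__ == "__main__":
    sites = ["Facebook", "Twitter", "LinkedIn", "Yelp", "Google"]
    for s in sites:
        print(f"{s:10} {mnemonic_password(s)}  vs  {random_password()}")
    print("fewest shared positions (mnemonic, random):", compare(sites))
```

Every pair of mnemonic passwords shares 8 of its 10 characters, and the two that differ come straight from the site's name; the random passwords have no such common structure.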


Be Impressed by Brobdingnagians and Not Gyps

Quickly glancing through this blog’s spam queue to find false positives, I observed an out-of-place verbosity that would make Erin McKean bounce. You can see it contains words that the typical blog comment spammer would need to look up in a dictionary.

Neopia is a brobdingnagian life on Neopets to tour!
There are to 20 weird areas of Neopia to traverse, so assail Neopia today!
What is the period of Neopia?
Grammatically the wonderful world of Neopia on is made up of 19 unique lands, which order from Neopia Inside, the hub of Neopia, to the confidential matter wobbly Jelly World.
There is tons to do in the Neopia world, including snagging items from the Medium of exchange Tree to robbing treasure from the Snowager!
Be unshakable to explore of of it, and be willing so Buy Neopoints and items to grapple off enemies!

I instantly knew the comment was spam but I wondered if a link to (not linked above) was real.

Screenshot of

What would you think?

It looked legit to me — at first. While a detailed clicking adventure would show spelling errors and lack of comprehension, it was clear after a 30-second glance that the Neopia website was about some fantasy game and people were sought to buy NeoPoints to develop their game characters and become NeoMillionaires.

That’s when I headed to the NeoPets link referenced in that spam comment.

Screenshot of

Notice the Nickelodeon link in the topmost navigation bar?

Want to guess which website is advertising the real deal and which is potentially swindling unsuspecting web visitors? Wanna guess why you can buy NeoPoints on Could it be that is fake?

Don’t be fooled.


Safe Deposit Box or Online Storage: Survey Says?

Picture of woman opening safe box in bank

For $40 a year, I can rent a 3″ x 5″ x 24″ safe deposit box for storing valuables at a local bank. This is where I’d put my birth certificate and social security card, a copy of my passport, and assorted coins.

If you were me, would you rent the box knowing you could only access it when the bank is open?

Or, would you digitize your documents by scanning them into computer files, encrypting the files, and uploading them to something like Amazon S3 for a fraction of the annual cost and for a system that will never be affected by fire or flood damage?

I carry my social security card in my wallet, and keep my birth certificate in the same apartment location as my passport. Neither is safe, but is it better to use a bank’s service or use the web? Which would you do? Which do you already do?