A tiny sacrifice for my child’s tomorrow

Devices with inbuilt batteries that have to be trashed when their batteries die are an environmental timebomb

Wired headsets are more environmentally friendly than their wireless brethren

A couple of months ago, my Mi bluetooth headset stopped working after I got caught in the rain, though it was supposed to be waterproof (IPX4). Its battery is inbuilt, so that means the headset itself has to be trashed though it was barely seven months old (one month out of its warranty coverage).

Mosquito swatter with inbuilt battery

Then another device with an inbuilt battery went kaput after two years of use. My mosquito swatter (a popular device in India) uses an electrified net to kill the pests. It has an inbuilt battery and becomes e-waste once its batteries die. Meaning I was personally responsible for adding one kg of plastic, metal and battery to the alarming e-waste catastrophe.

So why is this a problem?

Battery-driven devices are battering our planet

This site shows the scale of e-waste with a scary analogy.

We generate about 40 million tons of e-waste every year. This is equivalent to throwing out 800 laptops every single second.

So what can we do about it?

We can’t expect people to give up their iPhones and MacBooks to save the planet. We have got too used to them and couldn’t survive without them.

But can we at least think if we really need to buy all those other gadgets which use inbuilt batteries?

Like for instance, the AirPods?

Expect 100 million AirPods to be trashed every 18 months

Apple stopped revealing the actual number of products they sell some time ago. However, it’s estimated they sold 35 million AirPods in 2018. The Apple tracker, Ming-Chi Kuo, estimated back in 2018 that AirPod sales would touch 100 million units in 2021. Those original AirPods didn’t even have noise-canceling or sweat proofing. The updated AirPods Pro do, and are aimed squarely at the massive ‘workout’ market. Sales will probably cross the 100 million mark in 2020.

The elephant in the room is the life of AirPods. This article says you can expect AirPods to last for 18 months. So every 18 months, you can expect 100 million AirPods to turn into toxic e-waste.

100 million AirPods. Think about it. What are we doing to our planet?

It’s no wonder Greta Thunberg is fuming.

If we keep doing this, a new wave of angry young activists is likely to snatch our precious AirPods out of our ears and grind them under their feet. And I for one would find it hard to justify why they are wrong. They have to live on this planet for another half century or more, and we have no right to plunge along madly destroying it just so we can avoid a few wires or the inconvenience of changing batteries.

Actually, that’s all it comes to.

Think before you buy

Anyway, after the bluetooth headset disaster, I decided I had a good excuse to get myself a pair of AirPods. The timing was also perfect as Amazon was having its Great Indian Sale, which is when India’s gadget lovers go nuts as you get terrific deals online. Accordingly, I found myself a pair of AirPods at a great price and put it in my Amazon shopping cart on my phone.

I was doing the above while visiting my mother. She observed me being hassled by a few mosquitoes that had sneaked past the net covered windows, and handed me her mosquito swatter. As I swung it, a couple of AA batteries fell out. My mother laughed and said the battery compartment lid had become loose over the last five years. I put back the batteries and noticed they were the rechargeable AA type. As I swung it at a particularly persistent mosquito buzzing behind my neck, something clicked inside my head.

It seemed to me the planet was speaking to me.

Feeling a bit ashamed, I removed the AirPods I’d been drooling over from my online shopping cart, and instead ordered a wired headset for ₹449 or $6.5. This inexpensive set turned out to be a surprisingly good buy.

They are made by an Indian company called Boat. I had never heard of it but the headset had good reviews on Amazon. So I decided to try my luck. I have been using it a couple of months now. It survived two unexpected heavy showers which I got caught in while jogging. At 2% of the cost of the AirPods, they are great value for my money. The ear seal design gives good ambient noise insulation. The cables are water-resistant, allowing me to run them inside my shirt to keep them out of the way during workouts. The hooks anchor them in my ear so they never ever fall out. The control unit has volume buttons and a clip to attach it to my shirt. Then there are the 10mm drivers that make for thumping bass, perfect for jogging. Even Siri works with a long press on the cord button so I can use voice commands like ‘shuffle,’ ‘skip song’ or ‘call my wife.’ I’m really beginning to wonder what I’m missing apart from the convenience of having no wires. Is it the pleasure of having one more gadget to charge every day?

What I do know is the earth will be a better place for my daughter.


Microsoft is now the Apple of my eye

Going back to Windows after a decade and more on Apple

12 years and time to say goodnight to an old friend (Photo:babulous)

When I first began thinking of getting a laptop, I wanted a Mac. Those days, Macs had this aura of being sleek, powerful machines that ‘just worked’ and had all the software you would ever need. As against Windows computers which conjured images of clunky beige boxes with a mess of tangled cables spilling out from their back, and a software experience epitomized by pirated apps, bloatware, and the infamous blue screen of death. However I was tight for cash at the time, and Macs came at a premium. So I opted for a laptop running Windows XP. It was a huge improvement on the earlier Windows OSes but it was still more a ‘use it and fix it’ machine unlike the ‘use it and forget it’ Macs.

12 years of Mac

Soon after, my financial situation got better and I straightaway got myself a MacBook Pro with a sumptuous 17″ LED screen. Four years later, that screen unexpectedly crashed on me midway through a project, and I had to get an iMac. That iMac is now a venerable eight years old, still perfect for browsing, and basic activities like writing a post on Medium, but it can’t do much else.

Surprisingly, my 12-year-old MacBook is still working. I did get its screen fixed, and began using it as my travel companion. But it’s really old, and when its battery died for a second time, I couldn’t find a replacement except on some sidey sites. I did find a workaround of using it without a battery, like a sort of portable desktop. Unfortunately, its 12-year-old hardware is no longer supported by a lot of the current software, including the latest versions of browsers like Safari and Chrome. So I can’t even recycle it off as a dedicated device to watch streaming services. I ended up packing it away. Maybe it will reincarnate itself as a relic of its times: a burnished piece of finely-crafted aluminum representing the peak of an era of minimalistic Apple laptops.

Back in the Windows pond

Anyway, that was how I was once again in the market for a laptop. However, in the years since I got my first laptop, things have changed.

Macs have become even pricier in India, while you can now get relatively capable Windows laptops at a fraction of that price.

Sticker Shock: This 15″ Macbook costs $2703 or ₹1,92,900 at my local Apple dealer

But these days, the difference between the Windows and Mac experience has reduced substantially. Some of my designer friends still swear by Macs. It makes sense for them to pay the premium, as it helps improve the quality of their work, as well as their efficiency while working. But Macs are overkill for ordinary folk who use laptops mostly for browsing and word processing.

Besides, technology changes so fast these days that it makes more sense to invest less in a device, and replace it every 3 years with the latest version of the same device. This approach has worked well for me with mobile phones and TVs, so I don’t see why it shouldn’t work with laptops.

That’s how I decided to leap back into the Windows universe. However, in my years away from Windows, I had lost touch with the ‘computer specs’ side of affairs. The only way to approach this issue was to work backward. I had to figure out what I needed the laptop to do for me, and then work out what kind of computer specs I should look for. So that’s what I did.

What I need my computer to do

I wanted a sleek-looking, light laptop that starts up fast, runs smoothly, and lasts all day. It should come loaded with all essential software, and preferably have a reasonably large screen. It also has to be sort of future-proof, and not come with outdated hardware that can’t be upgraded. This doesn’t mean I need a powerful machine, as I’m not into gaming or video editing. I would be using my laptop mainly for basic web browsing, web-based apps, word processing, email, video playback, and similar activities. Finally, storage-wise, I don’t need much space these days. Photos and music are no longer the space hogs on my computer that they used to be. The former get automatically uploaded to Google Photos for easy access anywhere, while the latter comes from various streaming services. Besides, I have a couple of portable storage disks lying around with terabyte capacity. If I could get such a laptop within a budget of around 25000 or $350, it would be perfect as I could upgrade to the latest laptop in 3–4 years without feeling extravagant.

What the doctor prescribed

Using the above as a guideline, I visited a couple of online laptop forums, to check out what the experts recommended for people with my needs.

One such whizkid was of the opinion that I should avoid the latest, expensive Intel i5 and i7 processors. He suggested I get the 8th Gen i3 with dual cores (i3 8145U), team it up with a fast SSD disk, and bump up the RAM to 8GB.

I did some more browsing. It seems SSD (solid-state device) disks are similar to what phones and tablets use. They run faster than the old spinning hard disks. They also require less power and can last 6–8 hours, which means you don’t need to cart your charger everywhere. However, SSDs are pricey unless you are willing to settle for basic storage capacities like 128 or 256 GB.

Making the jump

I was fine with compromising on storage with a 256 SSD. That is more than adequate for my current needs while taking care of my need for speed. The 8th Gen i3 chip should give me a window of 3–4 years before I end up in my current situation of having hardware that’s incompatible with widely-used software. At my budget, I knew touchscreen and 4K tech were out, but I just might be able to get a 15″ screen with full HD.

As I pondered over what to do next, the decision was taken out of my hands with the arrival of the Festival of Lights (Diwali) in India. These days in India, people go into a buying craze during these festivals because that’s when online retail giants like Amazon and Flipkart have massive sales. It’s similar to Black Friday in the US, except offline retailers can’t match the online prices. It was no different this year during Diwali. Suddenly I could see Windows laptops going at heavy discounts.

Specs sheet for the nerd

Accordingly, I went back to Amazon and searched for SSD and i3 8145U. After a bit, I found an Acer model that seemed to fit my bill, except for its 4GB memory (RAM), which was however upgradable. The SSD was SATA, whatever that meant. The pre-sale price was Rs 28,900 or $408. Once the sale kicked in, the price dropped to Rs 25,240 or $355. I jumped for it.

Sleek and slick: the 2019 incarnation of a $350 Windows laptop

Using Windows feels like using a Mac

I have been using this laptop for a couple of weeks now. It’s plasticky and not a perfect block of aluminum, like my old MacBook, but it’s thin, light and the battery easily lasts 6–7 hours. The screen is only viewable from certain angles, but it’s full HD and has a lid that opens out to 180 degrees, which makes that a non-issue. The picture quality isn’t as rich as my 11-year-old MacBook, but its blue light shield makes the screen easier on my eyes at night.

The pleasant surprise was ‘It just works’ out of the box, to use the old Apple slogan. It just took a few minutes or so to follow the simple Windows setup process of linking up the laptop to my Microsoft ID, and I was good to go. There was a moment when the laptop wouldn’t connect to my internet while all other devices in the room did, which brought back memories of spending hours fixing Windows, but the issue resolved itself.

Everything was weirdly reminiscent of the Mac in an opposite kind of way. The search window (spotlight) on Macs is in the top right corner, whereas it’s in the bottom left on Windows. The keyboard shortcut to open spotlight is tapping on Command (Apple logo key) and spacebar. On Windows, you just tap the Windows key.

Scrolling timeline on Windows 10 in Dark Mode

While working, I accidentally did the iPad gesture of sliding 3 fingers upwards on the trackpad. Surprisingly, it worked exactly as expected, as the screen revealed all the open windows. Intrigued, I swiped downwards, and in a flash, all open windows disappeared to reveal the desktop. Once again, I swiped upwards, and all windows reappeared. I swiped upwards again to see if anything would happen. A scrolling timeline of the app and pages I had visited recently opened. I had never seen anything like this before.

Cortana is trying to take over from Alexa

That was when I realized that Windows reminded me of the magical feeling of discovery, a unique feeling which I only used to get while using a Mac. In a way, it was a bit funny as it felt almost like Windows copied the Mac. But with a kind of mirror image with the search window, almost as if to childishly say, “No, I didn’t copy you.” I mean, why bother? Apple itself is famous for copying stuff and trying to differentiate by doing it better. Even Cortana, the Windows assistant, was doing a good job of copying Alexa and trying to take over from the Echo Dot sitting on the desk beside my laptop. I asked Cortana to remind me to do a recharge, and she wanted to know ‘when’, which is exactly how Alexa would have reacted. The thing is no one cares anymore, as long as things work.

All-in-one machine

Moving on, Macs used to have the advantage of coming with all the basic software: operating system, browsers, photo storage and editing, music, email, and iWork, which is Apple’s equivalent of Microsoft Office.

Turns out Windows has caught up with Macs, and now does the same, except for Microsoft Office. However, if you can manage without Office (which I can), you don’t need to install any software. Besides, a lot of the time, I can do stuff directly in my browser without the need for additional writing software, like this post for instance.

Security used to be another major issue with Windows, and you had to install processor hogs like Norton Antivirus, which would constantly nag you to update stuff or renew the annual fee. But Microsoft now has security covered with Windows Defender which runs discreetly in the background, keeping out viruses and malware, and even automatically updating itself.

Not perfect but likable

After the first flush of excitement of playing with my new toy, I did find some bloatware and games. Who needs Candy Crush or Norton Antivirus? Again, getting rid of them wasn’t too hard. I just had to double-tap on the app, select ‘uninstall’ from the popup menu, and follow the instructions. I even found one of those apps useful as it connected to my phone’s bluetooth and allowed me to use my phone to unlock the laptop. Perfect for Mr. Lazybones.

All in all, I found Windows 10 to be surprisingly stable. The laptop starts almost instantaneously, the apps zip along, and using it is intuitive and fun. I guess it’s not all due to that speedy SSD.

The other pleasant surprise was the look and feel of Windows. What once looked basic and functional, now has a distinct identity of its own, and comes across as polished and confident in a way that Windows never used to be.

I like it.

Medium is now paying writers in India

Stripe quietly added India to the list of countries where it works

India earns its stripes

Yesterday, I casually checked the map of countries where Stripe (Medium’s Payment Partner) works, and was a bit taken aback to find India had finally appeared on the map. I scrolled down to check out the list of countries, and confirm the sighting. India was there alright. About time, I say!

After all, Medium began payments to writers in other countries in early 2017. It’s not the lack of payments that bothered me (most writers earn peanuts anyway) so much as Medium’s non-inclusive policy. A writing platform where writers are paid based on the country they live in, is simply unfair. I have been protesting for years, and was really glad to see this issue finally sorted out.

On second thoughts, I shouldn’t be counting my chickens before they hatch. India is marked as ‘Preview’ so I assume the listing is probably not yet official. Maybe it’s not even working. I decided to sign up with Stripe and link it with my Medium account, join the Medium Partner Program, and see if it really works.

Accordingly, I got going. The process was quite elaborate. You have to fill in all details on Stripe, connect your bank account, sync emails if need be. After that, you go back to Medium, and link it to your Stripe account. That part happened easily.

But then, I noticed the fine print which said that payments would not happen until I entered my tax details. There were three forms there, and the system recommended one of them. I suppose it did this based on the fact that I am an individual, and not based in the US. I’m not sure what all this means, but I got a hint when it was done.

So let’s say I earn $1, does this mean 30 cents will be withheld as US taxes? And what about the Indian government? Will they deduct another 30 cents leaving me 40 cents for every dollar I earn? This guy has a nice confusing take on the issue. Anyway, I guess I won’t know for sure till I get paid that first one dollar. I think this could be a while as I haven’t really been active on Medium for some time now.

There’s a catch in getting paid. It seems Medium changed the way writers get paid while I was away. Claps don’t matter any more. It’s the time a reader spends on an article. Medium claims they are improving how they calculate writer earnings. But something tells me it could be more about improving Medium’s bottom line. Whatever, it’s Medium’s platform, and they can do as they please. After all, if writers here find it unfair, they will leave, and Medium will quickly change its tune. Anyway, that’s not in our control so there’s no point wasting time over it.

Improving how we calculate writer earnings: In Medium’s Partner Program, writers earn daily through a new model to reward quality writing (blog.medium.com)

What I did have to do was make sure my articles are eligible to get paid. It seems there was yet another catch. Or rather two catches.

The first was whatever I had published prior to my joining the Medium Partner Program wasn’t eligible to earn money. The workaround is you have to go back to your old articles, switch back to edit mode, tap on the three dots, scroll down to Manage distribution setting and then tick the pop-up.

The second catch is that ‘stories published before Medium implemented its new recommendation system, will not be sent to curators for review’. I clicked ‘Yes’ just to check how well the article would do without curation.

Anyway, this post is technically the first post I’m writing after I joined the Medium Partner Program. It will be interesting to see if this post becomes eligible to earn money. Or does a story have to be recommended by Medium and go behind the paywall before it is eligible to earn.

Maybe in a few days, I will have some clue as to how this thing works.

For earth’s sake, don’t buy AirPods

Or any ‘use-&-throw’ battery-powered bluetooth headset

Wired headsets are earth-friendly unlike their wireless brethren (Photo by Juja Han on Unsplash)

This morning, I read in the news that Apple’s $24 billion wearables and accessories business (Apple Watch, AirPods, and HomePod smart speaker) is set to become Apple’s second-largest business, surpassed only by the iPhone.

That set my alarm bells ringing. Just yesterday, my 7-month-old, fully charged Bluetooth headset conked off 30 minutes into my one-hour workout. Unfortunately, like most bluetooth headsets, its batteries can’t be replaced so it’s just e-waste. This kind of stuff is what makes 16-year-old Greta Thunberg scream blue murder at me for daring to steal her generation’s future. I can relate to Greta’s outrage as my own kid’s favorite word is ‘unfair.’ We need to do our two bits for the planet we are leaving our kids.

Apple claims to be environment-conscious, and even offers to replace AirPod batteries, but at an exorbitant cost which is just a few dollars less than the cost of a new set of AirPods. The fact that Apple removed the audio jack from iPhone 7 onwards makes it obvious that their intention has always been to push us to buy new AirPods. So all that environment talk is just eyewash.

Anyway, Apple stopped revealing how many units of their products they sell. However, it’s estimated they sold 35 million AirPods in 2018. The famous Apple tracker, Ming-Chi Kuo, estimated back in 2018 that AirPod sales would cross 100 million units in 2021. Those AirPods didn’t even have noise-canceling or sweat proofing. With the improvements in AirPods Pro aimed squarely at the massive ‘workout’ market, I’m guessing sales will probably touch or cross that 100 million mark by 2020 itself.

Expect 100 million AirPods to be trashed every 18 months

The elephant in the room is the life of AirPods. This article says you can expect AirPods to last for 18 months. So every 18 months, you can expect 100 million AirPods to turn into toxic e-waste.

Dead AirPods will quickly add up to create an environmental catastrophe (Photo by Andy Kuzma from Pexels)

I’m afraid to even try to visualize the massive scale of the environmental disaster that is the AirPod.

This site dramatically illustrates the scale of e-waste with a scary analogy.

We generate about 40 million tons of e-waste every year. This is equivalent to throwing out 800 laptops every single second.

Switch back to wired headsets

Tiny drops make an ocean. If we want to preserve our planet for our kids, we need to do whatever we can, no matter how insignificant it seems.

Avoiding bluetooth headsets could be one such tiny step that makes a huge difference. I think we should go back to wired headsets even though those wires can be a big pain in the neck, and elsewhere. Besides, wired headsets have advantages other than being environmentally friendly.

One less device to charge

As more devices go wireless, charging them has added unnecessary stress to my life. That’s because the battery experts say you shouldn’t either overcharge or undercharge your devices, as this will shorten their batteries’ lives. From what I could understand, it seems the ideal charging range is between 20–80% if you want to play safe (or 65–75% if you are an OCD type).

This has turned my relaxed ‘plug it & forget it’ life into a stressful ‘plug it & check it’ life. I did discover a battery alarm app for my Android that warns me when the charge reaches a preset level. Sadly, these apps only seem to work on iOS and Windows if the display is on, which is impractical.

I really don’t need another device that requires daily charging.

Better Sound

Music on wired headsets usually sounds better because Bluetooth tech compresses sound files for quicker transmission, so it doesn’t match the original sound quality. I must admit this difference is less noticeable as Bluetooth tech improves, with many headsets now having the latest aptX tech. AirPods sound quality is good but even Apple doesn’t claim it’s great.

You can easily test the sound quality on your bluetooth headset. Play a song on it, and listen carefully. Midway through the song, plug in a wired headset into your phone. The song will automatically continue playing on the wired headset. Listen to it. Depending on the quality of your headset, the clarity and improvement in sound quality can be surprisingly noticeable.

Latency, or delay in sound

Ever notice how things often seem to be out of sync when you use a bluetooth headset with your TV? That’s because using bluetooth causes a short delay between when an audio signal is sent and when you actually hear it. You won’t notice it when listening to music as it’s just audio. But if that audio is part of a video, like when you’re watching TV or playing a game, that delay may sometimes cause your sound to be out of sync with the video.

Not a good experience.

Pairing Pains

Unlike wired headphones where you just plug in and are good to go, bluetooth pairing can sometimes be a nightmare. I recall how intensely grateful I once felt on managing to pair my wife’s iPhone to her car’s music system in an amazingly fast 30 minutes.

I must admit this is one area where AirPods excel as they connect almost instantaneously to your phone.

Less Pollution

The chemicals in bluetooth headset batteries are toxic and don’t degrade easily. Wired headsets don’t have batteries. The wires and plastic components do contribute to e-waste, but they are not as harmful as dead batteries.

Less exploitative

Wired headsets use fewer elements than wireless ones so making them is far safer. AirPods use plastic and rare elements like tungsten, tin, tantalum, lithium, and cobalt. These minerals are mined by impoverished people who are paid unlivable wages to work long hours in dangerous conditions. Assembling the final product in China is an equally exploitative exercise. This article on the subject (which I already linked earlier in this post), is an eyeopener.

Durability and longevity

Wired headsets usually last for a long time, so in this sense, they are less polluting than wireless headsets. The ten-year-old wired earpods that came with my old iPod still work. The only reason I stopped using them for my morning runs, is because they aren’t sweat-resistant.

Apart from physical durability, there’s the tech that forces us to keep upgrading. Each new generation of bluetooth can do stuff the previous generation couldn’t, and it’s not just less power consumption. Take my old iMac (2011 model). Its version of Bluetooth does not support AirDrop. Transfer of files with my Mac is a painful experience as compared to the seamless and almost instantaneous AirDrop transfers between my iPhone 6S+ and iPad (6th gen). Such compatibility issues are rare with wired headsets as their hardware evolution peaked many years ago. Since then, improvements, if any, have been minor.

Bluetooth devices also have more parts like batteries and charging ports which make them more susceptible to damage. I believe a leaky charging port on a rainy day is what ruined my bluetooth headset even though it’s rated as IPX4 sweat and splash resistant.

No Radiation

Bluetooth radiation is nowhere as strong as cellphone radiation but it’s still too new a technology for science to understand its longterm effects. This is especially relevant to something that’s stuck up close to your brain like the AirPods. In short, you are serving as an unpaid guinea pig for Apple and the bluetooth devices industry. Just so you know.

Convert wired to wireless

If you need bluetooth only occasionally like when driving, you might want to consider an audio receiver. Just plug your wired headset into this tiny device, which has a built-in bluetooth that helps it connect wirelessly to your phone. It usually comes with a microphone, and can be clipped on to your shirt lapels. In effect, it converts your wired headset into a wireless one whenever needed. (If your phone doesn’t have an audio jack, this can also serve as a wireless alternative to using a dongle/adapter).

Typical audio receiver (courtesy: http://www.mi.com/in)

Of course, this means you have all the usual bluetooth headaches like pairing, charging, and so on. The advantage is that if you run out of charge, you can simply unplug your wired phones, and plug it directly into your phone (assuming it has an audio jack). The battery life and sound quality of these devices are so-so. But if you are okay with that, it sort of gives you the best of the wired and wireless worlds.

More bang for your buck

The new AirPods Pro costs $249 in the US, and a mindboggling ₹24900 in India, which is like $351. Even if the AirPods can do miracles, that price in India is way too exorbitant for what is just a headset!

I first tried out a bluetooth headset when prices started dropping. That first headset was a Chinese brand whose biggest plus was its low price. Surprisingly, it worked for over a year. This prompted me to upgrade to a sports (sweat-resistant) bluetooth headset, this time from Xiaomi, another Chinese brand, which is currently the top-selling mobile phone brand in India. Xiaomi is usually reliable, but this headset was a lemon.

As you can see (below left), I got the Xiaomi a little over six months ago for ₹1499 or $21. But its promised 9-hour battery life on a full charge is already down to 30–45 minutes. Seeing it was failing and out of its 6-month warranty, I got a wired replacement (below right) on a sale for ₹449 or $6.5.

Photos by babulous

I have taken this wired headset out on two runs (one in the rain) and it’s good value for my money. I get noise-canceling, good sound with decent bass, sweat/water resistance, tough, tangle-free cords, a mic, volume control buttons, and clip to attach the mic to my shirt.

It also has ‘sound transparency,’ that hyped up feature of the AirPods Pro where you can hear ambient sound with a tap. Works a bit differently on my headset, though. You just loosen the earplugs a bit to unseal the sound insulation of the silicon earpieces. The hooks ensure the headset will not fall out, while at the same time ensuring all ambient sound is audible to you.

The cons as compared with the Xiaomi are the headset has wires, double-pressing the volume buttons won’t skip songs, and a straight audio jack pin (which is more damage-prone than an L-shaped pin). However, at 2% the price of AirPods Pro in India, I have no complaints.

Conclusion

Some day, bluetooth headsets may work without built-in polluting batteries. When that day comes, I will switch back to wireless headsets.

For now, I will continue living in my entangled world of wires.

The playful giant who nearly killed me

Not once, but twice

I have a strange relationship with the sea. Its waves have always been crashing in the distant background of my life. Four of the six places I have lived in for long periods are by the sea. My home state in India is just one narrow strip of land that runs along the Arabian Sea. So you would think I would be at home on the sea.

You would be right and wrong. The sight of the ocean always makes my spirits rise, but I fear it too. It somehow seems to me to be like a baby elephant gambolling around with an ant-sized me, and now and then accidentally stamping on the said ant.

The first time this happened was when I was still in my teens, splashing around with my brother in the knee-deep waters on a picturesque beach called Kovalam. He’s always been scared of water so he stayed at the water’s edge. As I was running around, I made the elementary mistake of turning my back on the sea. It was just for a couple of moments but it was enough time for a rogue wave to sneak up on me, pick me, and toss me headfirst into the sand in such a way that the top of my head was stuck in the sand facing one way, while my body was being violently tugged in another direction by the swirling current. I didn’t know which was worse, the excruciating pain in my back or the fact that I couldn’t breathe or call out for help as my head was underwater.

Finally, the wave stopped tugging at me in that momentary stillness between two waves. I untwisted my back, pulled my head out of the sand, staggered to my feet, and stumbled away from the sea as fast as I could. It was only then that I observed that the other beachgoers weren’t venturing into the sea. Though my back hurt badly, my ego was hurt worse so I didn’t tell anyone about what had happened.

It was six months before my back stopped aching, and I was a lot more wary of the sea from then on, completely staying away from it during the monsoon season in India when the waves became rough and unpredictable.

Sometime later, I moved to UAE, a country partly built on the oil wealth of the Abu Dhabi Emirate. Maybe it was that oil, but the seas of UAE, or rather the Jumeirah Open Beach that I used to frequent, were usually remarkably calm, and more like a swimming pool than an ocean. Slowly my fear of the ocean receded, and I would swim out into the clear calm ocean, 100m from the beach, which was a big deal as I have always been terrified of sharks.

There was another factor. My daughter had developed a case of eczema. Our pediatrician’s opinion was she wasn’t building up her immunity as she was always indoors. He recommended we avoid treatment, and instead expose her to the germs and dirt of the great outdoors. So every Friday (weekend in Arab countries), I would religiously dunk her in the sea. Kids love water. By the time she was six, she had become an accomplished swimmer, was winning races at school competitions, and relished her weekly visit to the beach. The pediatrician was also right about the eczema as it disappeared, never to reappear.

Anyway, one day, my kid’s 14-year-old cousin comes visiting, and I take the two of them down to the beach. The waves seem a bit larger than usual but there are lots of folks enjoying the time-honored thrill of riding up waves just before they break. Since her cousin is only there for a short visit, I decide to let the two kids splash around on the shore in knee-deep water in a relatively calm part of the beach, while I stay between them and the sea.

All is well for a while. Then the ocean swells and rises, and suddenly we are all out of our depth. I try to swim back but there is an undercurrent pulling me seaward, and I have to swim as hard as I can to stay where I am. I see the panic on the little boy’s face and I fight to keep my face calm as I hold on to him and struggle to maintain my position between him and the deep sea.

My fish of a daughter swims around me, sensing the danger, but not wanting to leave me and head to the shore though I quietly ask her to. My arms and legs begin to tire with the effort of holding the two of us in place. And then the wave ebbs away for a moment, and as my feet find firm ground, I grab the two kids and get out of the water.

The kids aren’t too sure what just happened. So I tell them the sea is behaving unpredictably, and it’s better to stay out of the water. They don’t argue and get round to building sandcastles; they too have felt the dark power of the ocean.

The next day, I wonder if I had overreacted. Till I look at the newspaper, and read about someone drowning on the same beach later that same day. We did go back to that beach after a while, and kept going back as long as we were in Dubai. But if the waves looked rough, we never ever ventured into the water.

That timely reminder of our insignificance before the might of Nature had served its purpose.

Don’t let the Medium paywall block your readers

Medium won’t pay writers from poorer countries and yet blocks our readers with a paywall, which is why all my stories on Medium now have a linked, freely accessible copy on WordPress

Medium’s paywall is not inclusive of writers from poorer countries (Photo by Shane Rounce on Unsplash)

Posting copies of your Medium stories on your WordPress website is easy and takes just 6 minutes. Creating that WordPress website is a one-time thing, and takes even less time at 5 minutes. And it’s all free. So why should you go to all this trouble? Because you want people to read what you write, right?

Why I quit my Medium membership

Medium does not pay writers from less developed nations but has no qualms about taking our money

Fiction: This map shows countries where Medium pays writers (via Stripe), and includes India.

I’m a Medium member based in India. This morning, I realized the credit card linked to my Medium account is due to expire. So I go to the settings page in my Medium account to check if I can update my card details. I find the button saying ‘Use a new card’ but also notice another button that says ‘View billing history.’ Out of curiosity, I click on it, and am presented with a long list of $5 monthly payments starting from March 24, 2017. Two years, or 25 months to be precise. Which add up to $125 (₹8,645) in membership fees, as of today. That makes me pause, and take stock of what I’m getting for my $125.

Discriminating by where you live

Medium has a partnership program that pays writers on the platform. This program only pays writers located in 23 countries, which are mostly wealthier nations. Writers living in the less developed parts of the world don’t get paid because Medium’s payment partner, Stripe, does not offer its services there.

In short, Medium avoids paying writers purely based on where they live. That’s just not right.

A year ago, I wrote a post offering suggestions on how to find a workaround to pay writers outside Medium’s charmed circle.

Is Medium trying to make the rich richer? A few tips to Medium on how to pay their loyal writers in the Third World (medium.com)

Medium claimed to be working at resolving the issue. But a year has gone by since that previous post of mine, and there’s absolutely no progress.

The deafening silence of double standards

Having two standards for writers on Medium who pay the same membership fees is blatantly unfair. What’s particularly damning is Medium’s deafening silence about the issue of these unpaid writers. I went through Medium’s own blog. There’s not even a mention or discussion about unpaid writers. It’s like we don’t exist. This would imply Medium is aware of the issue, but hoping it will go away if they keep ignoring it.

Assuming Medium is really unable to pay writers from these blacklisted countries, then why not reward them in some other way?

Here’s a suggestion.

Writers from blacklisted countries should have their ‘claps’ evaluated in the same way as their luckier non-blacklisted counterparts in the US. When or if that value equals $5, it should be used to pay their monthly membership fee for the next month. Anything above $5 can be credited to their account, and paid when Stripe sorts out its payment issues. It may not be much, but it’s at least a good gesture on Medium’s part.

Now if I could come up with that thought without even pausing my typing, I’m sure the boffins at Medium should be able to do better. If not, fire them and hire someone with brains, and make sure they have a heart too!

I’ve always believed in the natural goodness of people. I feel if people have a choice, they usually do the right thing. So when Medium said they were trying to sort out the issue, I gave them the benefit of doubt, and continued paying my membership fees for two whole years.

The good, the bad, and the Medium

My relationship with Medium began in 2015. I came upon the site purely by chance, and straightaway fell for its unique blend of clean design and ease of writing and publishing. I liked the platform so much that I posted a whole bunch of articles over the next year, and wasn’t too bothered if anyone read it or not. At that point of time, Medium hadn’t as yet introduced membership fees or put up the paywall. So money didn’t come into the picture. In fact, there wasn’t really anything in it for me except the joy of writing whatever I wished, like this story of a stolen iPod.

Three years later, my stats on Medium say I have written 323 stories. Since Medium labels my responses/comments on stories as individual stories, my guess is the real number of my published stories would be closer to 200.

That’s still a fair bit of writing and shows my involvement with the platform. Like any business, I know Medium needs an income to survive. I also realize that Medium is trying to do something that hasn’t been done before, so there are bound to be mistakes. So I have not been worried about their changes of direction. Like when they initially allowed advertising on the platform to generate revenue, but later reversed their decision and moved away from advertising towards a paywall. Most of all, I find it commendable how they have worked out a system to pay writers from the monthly fees of Medium members. The ‘clap’ system isn’t perfect but I’ll give Medium points for trying.

What I don’t appreciate about Medium is the above-mentioned discrimination. Why do they do it? Did things change once Medium started making money from its membership fees? As the song goes, ‘Money changes everything.’

Incompetent Partner

Medium has tied up with a payment platform called Stripe to pay its writers. When you try to join the Medium Partner Program (through which Medium pays writers), you will be directed to Stripe, which claims to be available in 32 countries. Of these, 23 are developed countries. Users in those nations can use Stripe for their financial transactions without any restriction.

India appears in a second list and is even there on Stripe’s map of countries that it’s active in (see title image). This seems to imply that users can get a Stripe account ‘invite’ on request. That is deceptive as I’ve requested Stripe for an invite several times over the last year. Forget invite, I have yet to even receive an acknowledgment of my many requests from Stripe. If you ask me, Stripe’s ‘invite’ is pure eyewash.

India has countless freelancers in diverse fields who take on jobs from companies based outside India, including the US and Europe. They get paid using the many financial platforms that are available. I have covered this subject in detail in my previous post written more than a year ago. Since then, many more options have sprung up to transfer funds to India. This includes Google Pay, which incidentally Stripe uses.

One of my neighbours, an elderly lady, has a daughter who lives in London. Twice a week, the daughter has fresh groceries delivered to her mother in India, while paying for it from London. If an individual can do this, why is it so hard for Medium to make regular payments overseas? More to the point, if Stripe can’t arrange payments to India, they must be extremely incompetent.

This is what makes me skeptical about Medium’s choice of a partner. Is Medium unaware of how incompetent Stripe is? Or is Medium deliberately sticking with Stripe to have an excuse to avoid paying writers in India and elsewhere?

Fool me twice, shame on me

Enough is enough. Doing the math today, made me pause. Two years is a long time to resolve an issue, and $125 isn’t peanuts for someone living in India. There’s a difference between giving Medium the benefit of doubt and being gullible, and I suspect I’m in the second category.

I wrote my previous post on this issue a year ago, at which point I had already paid Medium membership fees for a whole year. Since then, I have paid up a second year of membership fees, and I’m still swallowing Medium’s line of ‘working on it.’

As the old saying goes, ‘Fool me once, shame on you; Fool me twice, shame on me.’

My patience has run out, and it’s time to consider my options.

Option 1: Get a proxy

I do have a simple workaround to get paid. Just ask someone based in US or any of those other 23 countries to collect Medium writer payments on my behalf, by registering their bank account number on my Medium account. In fact, my brother who lives in UK volunteered to do this.

I’m lucky I have a trustworthy resource who is willing to do this for me. But what about the other writers who do not have access to such resources? Not to mention the fact that my brother will have an additional headache while filing his tax returns. So I thanked my brother, and said no.

Medium needs to pay all writers, and I’m not giving them an easy way out.

Option 2: Get a Stripe business account

When I first found that Medium wasn’t paying writers outside the US, I wrote to Your Friends@Medium. They suggested I use a Stripe business account.

Obviously, there’s a catch. It’s horrendously expensive. I checked this out when I wrote my previous post a year ago, and I’m sure the figures will still be similar or probably higher. Here, let me quote from my earlier post.

You basically need to start a US company, which comes at an incorporation cost of US$500, a running cost of $25 per month, a yearly fee of $100 for an agent, plus other sundry costs like $349 for legal advice, and $250 for tax preparation.

This is a ripoff. Let’s move on.

Option 3: Cancel my Medium membership

Options 1 & 2 are not working for me. So canceling my membership seems to be the only way forward for me.

What do I lose by canceling my membership?

How will canceling my Medium membership affect me? From what I understand of the Medium Partner Program, if a writer wants to get paid, he or she has to become a Medium member (kayue tells me this is not true – see his response to my post below). That argument is irrelevant as Medium is anyway not paying me.

How will I be affected as a reader on Medium? To be frank, I have no idea. Like I said, I began writing on Medium before the paywall came up, and was a member after the wall rose. So I don’t know what life beyond Medium’s paywall feels like.

From what I vaguely recall, non-paying members are restricted to three articles a month. I’m sure there are loopholes to get around this restriction, but why take the trouble to do that? Far easier to look elsewhere for good content.

What else? There’s a possibility Medium could kick me out for publishing this post filled with unpatriotic thoughts about the mother platform. It’s a good idea to always be prepared for the unexpected. Hang on for a moment, while I back up all my posts on Medium.

Done.

Advertising blues

At one point, advertising was the preferred source of income for any enterprise on the net. But the world turned against ads once they started popping up all over the place, driving readers crazy, influencing editorial, and incentivizing companies like Facebook to steal our private data, and change the course of history. That led to the rise of ad blockers and the like.

Medium seems to be riding this anti-advertising wave when it decided to remove all advertising from its platform. Personally, I think it’s a good thing, though it does cut off a valuable source of revenue for Medium.

My point is Medium’s paywall was inevitable.

Paywalls are the future

Facebook is still making billions from ads, which means advertising is adapting to survive in a changing world. But Facebook’s change of focus towards merging and encrypting its three messaging platforms (WhatsApp, Instagram and Facebook Messenger) seems to indicate Facebook knows change is inevitable.

Google has shown how our data can be used responsibly. I have been using Google products for many years, and they have enriched my life in many ways, without misusing my data, fingers crossed. The search engine Duck Duck Go has also shown how advertising based on ‘search keywords,’ is a viable business, though not as wildly profitable as data sharing.

However the fact is people are becoming reluctant to trust ads, and more open to the idea of paywalls. Publications like NYT have been successfully doing it for a while now, and many more have joined or will be joining soon.

So yes, paywalls are trending, and sooner or later, I’m going to have to subscribe to a paywalled publication if I want good reading content.

Medium is like a second car

As a reading cum paid-writing platform, Medium gets my vote and my money. But if I’m an unpaid writer, then ‘writing’ goes out of the equation, and Medium is in a different ballgame. Medium will have to compete for my $5 with other publications, purely based on the quality of its ‘reading content.’

I agree Medium has great original content, but it can’t be my first choice. To use a metaphor, Medium is more like a second car than your everyday workhorse, and I speak as a writer on Medium, who loves the platform. (Point to note: lots of people manage with just one car.)

Take the just launched Apple News app. From what I hear, it’s managed to include some of the world’s top publications and will cost $10/month in the US. It may take a while to reach India. My guess is it may launch for as little as $2/month* in India. Why would any reader pay $5 for Medium’s content when they can get Apple’s far richer content at around the same price?

*Here’s how I arrived at that $2/month pricing estimate for Apple News. India is an extremely price-sensitive and complex market. A look at the music industry is quite revealing. Apple Music in India costs just $1.75/month (₹120) as against $10/month in the US. Even at this price, Apple Music is barely competitive. Spotify’s Premium version costs ₹129/month, while the basic Spotify is free. JioSaavn has a free version for users of the Jio cellular network, while JioSaavn Pro version costs ₹99/month, which is the same as Gaana and Wynk. Then there’s Amazon Music. I subscribed to this at ₹1000 or $15/year (₹129 or $2/month) because it’s part of the Amazon Prime package deal, which also includes the usual free delivery for Amazon Prime shopping, movie/video streaming on Amazon Prime Video, books on Kindle, and more. I must add that Apple has learned this lesson the hard way, with its exorbitantly priced iPhone having a minuscule 1% of India’s cellphone market. As for ‘news’ itself, it’s highly subsidized in India. My 16-page hard copy of India’s leading English daily newspaper, ‘The Times of India,’ costs me ₹120 ($1.75)/month.

Time to take a stand

To sum up, I don’t lose much by canceling my Medium membership. I can still write and publish (and not get paid) as usual on Medium. Reading will be a pain with the three articles a month restriction. I’ve heard there are loopholes to get around that, like visiting via Medium’s Twitter page. Even so, the constant nags to sign up for a Medium membership will be a major irritant. I’m seriously tempted to just pay up the $5 and stay inside the paywall.

No pain, no gain.

Medium needs fee-paying writers like me, more than we need Medium. So if more fee-paying writers stop paying (hint, hint!), Medium is more likely to get their act together and do the right thing. As they say, money talks.

I’m not holding my breath. On April 24, 2019, my next payment to Medium will be due, and it will bounce as I don’t plan to update the expired credit card linked to my Medium account. And Club Medium is going to lose a member.

After all, if I don’t stand up for myself, who will?

Close encounters of the phishing kind

A couple of tales of real and imaginary phishing attempts on me

Photo by Zab Consulting on Unsplash

(Mirror link to this post on WordPress)

Phishing is the term for an attempt to steal our digital info and use it to steal our money. I assume it’s called phishing because it resembles fishing. A bait is dangled before the intended catch with a hook hidden in it. This usually happens in the form of a call or message meant to elicit my user info. I used to think only a fool would fall for such attempts. But a couple of close shaves have made me aware that even the smartest of us can be easily taken for a ride. Let me illustrate with a few incidents where I was the target.

Anyway, it began with this call I got from an unknown number claiming to represent a verification agency for Amazon. He said he was calling to check if I had applied for increasing my credit limit on Amazon Pay. I had done this, so I agreed when he requested me to come on Google Duo (video chat). Once I came on the video chat, the guy, who looked like a friendly sort, held up his visiting card for me to check as proof of his identity. He asked me to hold still for a mug shot and then asked me to hold up my Aadhaar and PAN cards so he could scan them. I did all that he asked without a second thought, and the entire encounter was over in a couple of minutes.

It was only after I put down my phone that I realised what I had just done.

My heart thudding violently, I paced around trying to clear my head. I needed to figure out the ramifications of what I had done, and limit the damage. I knew speed was of the essence. Like if a credit card is hacked, the faster you block it, the less chance the hacker has to run up huge spends on it.

Was something similar possible with my ID cards?

Google directed me to UIDAI, the Indian government site, which lets me lock the usage of my Aadhaar card to prevent biometric verification. There was no such option for my PAN. However, being able to do something instead of nothing, was such a relief that I finally calmed down.

As I began thinking clearly, it struck me that preventing biometric verification didn’t make sense. The hacker doesn’t have my eye scan or my fingerprints, so why block him from using biometric verification with my Aadhaar? However, UIDAI wouldn’t offer this facility for no reason. It could probably be a last line of defense in the remote possibility that the Aadhaar server itself is hacked and all biometric info on it leaked. Or maybe, a thief can steal something I have held in my hands, and pick up fingerprints and use it. Sounded more like a Hollywood movie than real life though. But then, the Indian government does move in weird ways its wonders to perform. And they do do wonders, like when the Indian economy was relatively unaffected in the last giant financial crash when the US economy nearly went for a toss (Grammarly says ‘do do’ is incorrect. I disagree, but will admit I didn’t know it was possible till I typed it. Oops, sorry for the detour.). Anyway, a bit more digging around on the UIDAI site reassured me there was not much a hacker could do with just my Aadhaar card.

Since there was nothing more I could do, I called Amazon, related my story, and gave them the number on which I received the call, as well as the name of the guy, and this supposed verification agency. The Amazon lady put me on hold, and after an agonising five minutes, confirmed the number was genuine, and the agency was indeed contracted by Amazon. It was only then that I stopped sweating.

Much ado about nothing, but it had been a very stressful 45 minutes.

I mention this incident to illustrate how easily even a reasonably tech-savvy guy like me acted like a complete nincompoop and gave away vital info. All the caller had to do was say the right words. In this case, the words were, ‘…in response to my request.’ Most of us have usually requested something or the other, and it’s easy to fall for this con. I think it’s something to do with our human psychology to assume things. This is a favorite tactic of phishers, and I actually know a guy who fell for it and had his bank account cleaned out.

As for real phishing attempts, the first such one happened quite a few years ago around the time banks first started going online in India. Having an ‘early adopter’ mindset, I was quick to hop on the bandwagon. Then one day, I received an email which seemed to be from my bank, asking me to update my info for better service. Seemed a genuine request so I clicked on the link and was taken to what looked like my banking login site. If I had entered my user name and password, the phishing attempt would have succeeded, and the hacker would have been able to access my bank account. However as I was new to online banking, I was ultra-cautious and always checked the URL on banking sites. So I noticed that it did not display the secure (locked) symbol, and was not https. On taking a closer look, I noticed that though the URL had my bank’s name, it read ‘banknameinfo.com’ instead of ‘bankname.com.’ It was a subtle and almost unnoticeable change, designed to fool a layman.

I went back to check the email that had fooled me in the first place. They had copied the bank letterhead perfectly, complete with logo. Usually, the language of the letter is a giveaway but this one was grammatically correct. Guess it was my lucky day as I was alert enough to spot it at the website level.
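The two checks described above (is the link https, and is the host really the bank’s), applied to every link in an HTML e-mail. This is an added example, not part of the original post; `bankname.com` is the post’s placeholder, and the sample e-mail and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the bank's real domain, using the post's placeholder name.
EXPECTED_DOMAIN = "bankname.com"

# Constructed sample e-mail body (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, please update your info for better service.</p>
<a href="http://www.banknameinfo.com/login">Update now</a>
<a href="https://www.bankname.com/help">Help centre</a>
<a href="http://www.bankname.com/offers">Offers</a>
<a href="https://www.banknameinfo.com/login">Secure login</a>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def check_link(url, expected_domain=EXPECTED_DOMAIN):
    """Return the list of failed checks for one link; empty means both passed."""
    parts = urlsplit(url)
    # urlsplit lower-cases the hostname; drop a trailing dot if present.
    host = (parts.hostname or "").rstrip(".")
    problems = []

    # Check 1: the link must use https.
    if parts.scheme != "https":
        problems.append("not-https")

    # Check 2: the host must be the expected domain or one of its subdomains.
    # A plain substring test would wrongly accept 'banknameinfo.com'.
    if host != expected_domain and not host.endswith("." + expected_domain):
        brand = expected_domain.split(".")[0]
        # The bank's name inside some other domain is the lookalike pattern.
        problems.append("lookalike-host" if brand in host else "unexpected-host")
    return problems


def audit_email(html, expected_domain=EXPECTED_DOMAIN):
    """Map every link found in the e-mail body to its list of failed checks."""
    collector = LinkCollector()
    collector.feed(html)
    return {url: check_link(url, expected_domain) for url in collector.links}


if __name__ == "__main__":
    for url, problems in audit_email(SAMPLE_EMAIL).items():
        print(url, "->", ", ".join(problems) or "ok")
```

The last sample link shows that the padlock alone is not enough: a lookalike host served over https passes the first check and is caught only by the host comparison.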

Please note this phishing email happened on my Mac. So don’t assume you are safe because you use a Mac. An antivirus may have spotted this mail before I opened it. I learnt my lesson, and installed Sophos on my Mac that very day. Besides, phishers are not the only danger. Malware from emails and websites can install on your machine, and steal your banking info. Better safe, than sorry. I must admit my Gmail has grown a lot smarter now. It probably diverts such emails to my spam box, which may be why I rarely see such stuff anymore.

Phishers often try to use new developments to make their pitch credible. An example is the time a few years ago when all Indian banks were required to update their credit cards with the embedded chip technology.

Anyway, I got a call from a guy who claimed to be from my bank. He said I needed to update my credit card with a new chip-embedded card. When I mentioned that my card was already a chip card, he said there was a technical issue with that particular chip, and the card had to be replaced. He then asked me if my card was a Visa or MasterCard, and informed me that the card number would start with 4 if it’s a Visa and 5 if it’s a Mastercard. After thus lulling my worries with his friendly expertise, he casually asked me to read out the remaining digits of my card number. It was only after I had read out the first eight digits that I realised what I was doing. I stopped and asked him why he wanted my credit card number. He told me not to worry as he wasn’t asking for the CVV. But my antenna had gone up. So I deliberately gave him wrong numbers for the remaining 8 digits and googled his phone number while I was talking. It came up flagged as a scam. Meanwhile, the guy wanted me to doublecheck and read out the numbers again. I insisted it was correct, and told him to come on Skype and read the numbers directly from my card. I’m not sure why I said that but it may have been curiosity to meet a real-life crook. Sadly, it was not to be. Something must have given me away because the guy abruptly cut the call.

So how do we tell when we are being phished? Though they keep changing their tricks, there are some ways to spot a phishing attempt.

Phishers usually try to pass themselves off as being from a company we know or trust. It was a bank with me, but it could also be websites and apps where you make online payments. They often try to con us with a story to trick us into giving them our data, clicking on links or opening attachments. The phisher tried the credit card chip upgrade story with me. Other stories they favor are telling you they’ve noticed some suspicious log-in attempts on your account, or a problem with your payment credentials, or that you are eligible for gifts or refunds. Once they feel they have hooked your attention, they go for the kill, asking you to confirm your personal info or click on a link to make a payment.

It’s been a while now since I have had any such encounters, but I can tell you I’m not missing our friendly, neighborhood phisherman.

Making strong, easy-to-recall passwords

Because sometimes you need a human backup

Photo by Kat Jayne from Pexels

It’s now been a while since I have tapped on the ‘Forgot password’ link. That’s because these days, my iPhone creates complex passwords, stores them on my phone, and recalls them whenever I need them. I wasn’t initially comfortable in putting all my trust in machines but was willing to give it a shot.

Turned out it was good in theory, but it can sometimes backfire. Like when my phone charger conked off while I was traveling. If I knew my passwords like I once used to, I could have borrowed a phone for essential communication. I think I did have an option of accessing my password manager online or on public WiFi, but that wasn’t a risk I wished to take. I ended up buying whatever unbranded charger was available in that remote place, and hoping it wouldn’t fry my phone before I got home.

After that incident, I took back control of my passwords, and can now access all my key accounts without the help of my digital assistants. I must admit I’m not one of those guys with a photographic memory. My system only works because I have just a handful of accounts that I rate as key accounts. There’s no way I can memorize and recall more than half a dozen passwords.

Anyway, for unimportant websites or whatever, I will let my iPhone handle the password management. But for more important accounts, though I still depend on my password manager to store all my passwords, I don’t let it create passwords anymore. I do that myself.

Here’s the technique I use to make sure these self-created passwords are hard to crack but easy to recall.

Finding a catchy phrase

I start with a phrase that’s easy to recall. Next, I change it slightly to make it nonsensical and end by encrypting it. The final password has to meet the typical password requirements. At least eight characters: with one being in uppercase, one in lowercase, one is a number, and one a symbol.

Annoyingly memorable

Anyway, I have recently been getting an overdose of this annoying ad jingle repeatedly playing on the kids’ TV channel in India. It ends up with a ditty that goes like ‘Mamy Poko Pants.’ Though it was an irritant, it was also catchy. So I knew it would be easy to recall. However, if I used that phrase as it is, even Google would be able to complete the phrase before I finished typing it.

Making it make sense only to me

As I mulled over what to change it to, an old Hindi song popped up on my phone’s playlist. The song was called ‘Pappu can’t dance, sala.’

Hmm, ‘dance’ rhymed with ‘pants’ so it could replace pants. My kid dances well. Her mother doesn’t. Mamma, mummy, mammy… Mamy can’t dance.

Good recall value, but it didn’t have the rhythm of ‘Mamy Poko Pants.’

Mamy don’t dance. Still not working. The tune sounds closer to ‘Pappu can’t dance.’

Wait a minute, the word for ‘don’t’ in one of the Indian languages is ‘noko,’ a word that rhymes with poko. So we have Mamy Noko Dance.

Sounds good. It syncs perfectly with Mamy Poko Pants. No hacker is going to dream that I used a Marathi word for ‘don’t.’ Better still, it’s grammatically wrong in Marathi, as the correct usage would be ‘Mamy Dance Noko.’ At least, I think so because I don’t really know Marathi, which is again good!

If I can visualise it, I can recall it

The key factor is this password is easy to recall. I have to just picture my wife dancing, and I have a perfect reference photo to that in my mind.

So ‘Mamy Noko Dance’ is our phrase.

Now we need an encryption code. This has to bring in numbers and symbols. We already have alphabets in upper and lower case.

Amateur coder day: numbers

What I’m going to do is substitute a few characters in my phrase with numbers and symbols set to an encryption rule. As I’m creating this rule, only I will know it.

I consider a number rule that replaces the first letter of every word with its number equivalent from my alphabet code key. This would be the unique sentence with all 26 alphabets, ‘The quick brown fox jumped over the lazy brown cow.’ (T is 1, h is 2, etc.). But it means I lose all my capital letters.

How about if I change only the first word? So ‘Mamy Noko Dance’ becomes ‘19amy Noko Dance.’ I think I can live with that.

Now all that’s missing are symbols.

Amateur coder day: symbols

My symbol rule could be all spaces replaced with symbols in some sequence. The keyboard sequence on the Macbook I’m typing on is ~!@#$%^&*.

I have a feeling that ‘~’ is not present on all keyboards, and may not be accepted. So let’s stick with !@#$%^&*.

Since we have only two spaces, our password becomes 19amy!Noko@Dance.

Amateur coder day: tester

Let’s evaluate it. The disadvantage is the password is not as strong as one generated by a password generator. The advantage is it’s still good enough to be rated as ‘very strong’ by any password analyser. But for me, the real plus is it’s possible for me to actually recall this from memory if I follow my rules.

Let me try.

19amy!Noko@Dance

Got it.

However, it’s not advisable to use one password across all my important accounts. And some sites also insist I change my password periodically.

Life is complicated

This complicates things but again, it’s something I have to live with.

What I can do is have versions of that password running across all accounts. Version 1 uses ! and @ as the symbols. Version 2 uses @ and #. Version 3 uses # and $. Like if I have three email IDs, I grade them as 1, 2 and 3, and use those three passwords. After six months, I switch passwords, with version 1 going to email 2, version 2 going to email 3, and version 3 going to email 1.

Every year, I change my catchphrase, and create a new set of passwords for the year.
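The number rule, the symbol rule and the six-month rotation described above, written out as code. This is an added example, not something from the original post; the function names are assumptions, and the key sentence, symbol row and sample phrase are the ones quoted in the article.

```python
# Key sentence and symbol row as given in the article.
KEY_SENTENCE = "The quick brown fox jumped over the lazy brown cow."
SYMBOLS = "!@#$%^&*"


def letter_number(letter: str) -> int:
    """1-based position of the letter's first appearance in the key
    sentence, counting letters only (T is 1, h is 2, ...)."""
    letters = [c.lower() for c in KEY_SENTENCE if c.isalpha()]
    try:
        return letters.index(letter.lower()) + 1
    except ValueError:
        # This key sentence contains no 'g' and no 's', so a phrase whose
        # first word starts with either letter cannot be encoded with it.
        raise ValueError(f"{letter!r} is not in the key sentence") from None


def build_password(phrase: str, version: int = 1) -> str:
    """Number rule on the first word only, then each space replaced by the
    next symbol. Version 1 starts at '!', version 2 at '@', version 3 at '#'."""
    words = phrase.split()
    if len(words) < 2:
        raise ValueError("the symbol rule needs at least one space")
    start = version - 1
    if version < 1 or start + len(words) - 1 > len(SYMBOLS):
        raise ValueError("not enough symbols for this version")
    password = str(letter_number(words[0][0])) + words[0][1:]
    for i, word in enumerate(words[1:]):
        password += SYMBOLS[start + i] + word
    return password


def version_for_account(account: int, switches: int, accounts: int = 3) -> int:
    """Which version an account uses after a number of six-month switches:
    after one switch, version 1 goes to account 2, 2 to 3, and 3 to 1."""
    return (account - 1 - switches) % accounts + 1


def character_classes(password: str) -> set:
    """Character classes present, the mix most sign-up forms check for."""
    found = set()
    for c in password:
        if c.isdigit():
            found.add("digit")
        elif c.isupper():
            found.add("upper")
        elif c.islower():
            found.add("lower")
        else:
            found.add("symbol")
    return found


if __name__ == "__main__":
    for account in (1, 2, 3):
        for switches in (0, 1):
            v = version_for_account(account, switches)
            print(account, switches, build_password("Mamy Noko Dance", v))
```
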

I have been using a similar system for a few years now, and I haven’t yet been hacked. I do admit that I have sometimes been confused between which of my important accounts was using which version of my password. So I have had to go back to my password manager for help. That only proves it’s good.

Anyway, if like me, you are not comfortable with putting all your passwords in one basket and relying on machines, you can try doing something similar.

Good Luck!

How to face down SIM swappers

Locking your SIM, making your accounts accessible only on your devices, and other ways to avoid SIM swap fraud


The recent hack of Twitter CEO Jack Dorsey’s Twitter account using a SIM swap fraud has me worried. If a leader of the tech industry can be so easily hacked, how safe is an ordinary layman?

If your money is gone, it may be gone forever

What’s even more worrying is the case of a pensioner in Delhi who had ₹25 lakh or $35,000 stolen from his bank account. He was informed that he’s not entitled to any compensation. According to Indian laws, it seems banks and cellular operators are not responsible for his loss. Indian citizens have lost more than Rs 200 crores ($28 million) in cases related to SIM swap fraud.

Seems like there’s a Damocles sword dangling over our collective heads, and we are all pretending it isn’t there.

Is there a fix for SIM swaps?

Yes, there is, but India and the US have not implemented it. All the government needs is a rule that bank transfers should not be allowed till three days after a SIM swap. This should be enough time to alert the SIM’s actual owner as his number will stop working once a fraudulent SIM swap happens. But this can only work if a cellular operator sets up a system to let a bank query phone records for any recent swaps on SIMs associated with a bank account. That way, banks can always check before they allow a money transfer. In fact, many countries in Africa, as well as the UK and Australia, have implemented such systems, and it has reduced SIM fraud massively.

I don’t understand why India is not doing it as we have the tech. If I sign up for a payment app like Google Pay, the app asks for my phone number. Then in a matter of seconds, the app will tell me the name of the bank I have linked my SIM to, as well as my bank account number. Now if the banks can share that info with apps, then why can’t operators share info about SIM swaps with banks?
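A sketch of the bank-side check that the three-day rule above implies, added here as an illustration and not taken from any bank's or operator's system. The `OperatorRegistry` interface, the phone numbers and the timestamps are constructed, and refusing the transfer when the operator has no record of a number is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, Optional

# The three-day hold proposed in the article.
HOLD_AFTER_SWAP = timedelta(days=3)


class OperatorRegistry:
    """Stand-in for an operator's SIM-change lookup (hypothetical interface)."""

    def __init__(self, last_swap: Dict[str, Optional[datetime]]):
        self._last_swap = last_swap

    def last_sim_swap(self, number: str) -> Optional[datetime]:
        """Time of the latest SIM change, or None if the SIM was never
        changed. Raises KeyError when the operator does not know the number."""
        return self._last_swap[number]


@dataclass
class Decision:
    allowed: bool
    reason: str
    retry_after: Optional[datetime] = None


def check_transfer(registry: OperatorRegistry,
                   linked_numbers: Iterable[str],
                   now: datetime) -> Decision:
    """Allow a transfer only if no number linked to the account had its SIM
    changed inside the hold window. All datetimes must be timezone-aware."""
    numbers = list(linked_numbers)
    if not numbers:
        return Decision(False, "account has no linked number")
    release_times = []
    for number in numbers:
        try:
            swapped_at = registry.last_sim_swap(number)
        except KeyError:
            # Assumption: fail closed when the operator cannot answer.
            return Decision(False, f"no operator record for {number}")
        if swapped_at is None:
            continue
        if swapped_at > now:
            # A swap dated in the future is bad data; do not trust it.
            return Decision(False, f"swap time for {number} is in the future")
        release = swapped_at + HOLD_AFTER_SWAP
        if now < release:
            release_times.append(release)
    if release_times:
        # Tell the customer when the hold ends for the latest swap.
        return Decision(False, "recent SIM swap", max(release_times))
    return Decision(True, "no SIM swap inside the hold window")


# Constructed sample data: three numbers and a fixed "now".
NOW = datetime(2019, 9, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_REGISTRY = OperatorRegistry({
    "+910000000001": None,                       # never swapped
    "+910000000002": NOW - timedelta(hours=20),  # swapped last night
    "+910000000003": NOW - timedelta(days=3),    # hold ends exactly now
})

if __name__ == "__main__":
    for nums in (["+910000000001"], ["+910000000001", "+910000000002"]):
        print(nums, check_transfer(SAMPLE_REGISTRY, nums, NOW))
```
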

Self-defense is our only defense

I was hoping that the coming of e-SIMs might help us avoid this issue. But they could be just as insecure, and are taking time to go mainstream. Seems it’s up to us to figure out how to take additional precautions if we are forced to use our mobile phones as authentication devices.

You may say you keep very little money in your bank account. But that’s irrelevant. Why should you allow anyone to steal even a penny from you?

Now I’m a layman, and the rest of this post is all that I learned on my own, and the simple steps I have taken to avoid becoming a victim of SIM swapping. If I could do it, so can you.

In the West, SIM swappers are now focusing on crypto currencies

There are quite a few SIM Swap victim stories on the net. I picked this one up because the victim is tech-savvy, and yet was attacked (a crypto attack is similar to a bank account attack as both involve stealing money from online digital vaults). To go straight to his experience, watch from the 3.30 to the 6-minute mark. But the whole video is worth a watch, and his tips on preventing SIM Swap fraud align with mine. What I have done is try to give a total picture of SIM Swap fraud, and illustrate in simple terms, how to avoid getting caught by it. The above video covers the topic in brief. You have been warned;-)

Most of India use their phones to go online

SIM swapping is a serious issue in India as the Indian banking industry mostly uses cell phones as the secondary device for its two-factor authentication system. Like if you want to transfer funds from your bank account, you need an OTP (one time password) that is sent to your phone via SMS. On the surface, it seems a good idea as an OTP changes for every transaction, unlike a banking password which often remains the same for ages.

SIMs are not designed to be security devices

In reality, this system has some serious loopholes, simply because a phone SIM was never meant to be used as a security device.

Let me explain with the analogy of a household safe. The safe has only one door and one key. Unless a thief has that one key, he can’t unlock that safe.

Now imagine if that safe has infinite doors and infinite keys. That’s a SIM. If a hacker successfully does a SIM swap, he can create his own key (an OTP) and use his own door (his device) to enter the safe and steal your money.

Stay away from SIM OTP verification

As a SIM card is insecure by nature, the best way is to totally remove it from anything related to security. For instance, my Gmail used to have my phone number linked to it. This meant that if I forgot my password, Google would send an OTP to my phone, using which I could access my email account. But this also means that a SIM swapper can hack my email with those same OTPs.

So what I did was delink all of my email IDs from my phone numbers. Google no longer gives me an OTP option to access my email. I have instead asked them to rely on verification OTPs generated by my phone (the device itself, not the phone number) and my other emails. More about this later.

India is changing but it will take time

In India, the entire online financial system mostly runs on SIM OTPs, with most transfers from bank accounts having to be authenticated by OTPs.

Fortunately, things are changing. SBI, the country’s leading bank, gives an option of generating OTPs from an app which is linked to your device, and not sent via your SIM. The UPI system of money transfer also avoids SIM linked OTPs in favour of app-generated codes. But a transaction limit of Rs 10000 a month limits the utility of the system, and UPI may have its own issues.

Hopefully, other banks start following SBI’s lead, and SIM OTPs get removed from the financial transaction security loop. But till that happens, we will have to try to minimise the areas in our lives, where SIM based OTPs work.

How is a SIM swap done?

There are many ways a SIM swap fraud can happen. The hacker usually hacks your email or social media like WhatsApp or Facebook to find basic information about a customer like his name, his address, phone number, pet’s name, where he studies, works, family details, and important dates (like birth and marriage). After that he uses his hacking skills, to get details like your ID, banking user ID and password, and so on. He uses these to create false IDs, get a duplicate SIM card issued from your cellular operator and finally intercepts your OTPs. Sometimes a SIM swap can be as easy as bribing someone at your network provider to get access to your details and apply for a new SIM. Hackers have also begun using malware on cellphones to extract user info, or redirect users’ OTPs to their own phones.

Anyway, once the fraudster convinces your operator, they deactivate your existing SIM, and issue a new working SIM with your number to him. The catch is your phone will go dead for a few hours, and this is likely to alert you. To avoid tipping you off, the hacker usually does the process at night, and gives you multiple missed calls in the middle of the night till you mute or switch off your phone, at which point he begins the activation.

The rest is simple. Since the fraudster has already hacked your bank account, he now logs in and initiates a funds transfer to his bank account. The bank sends an OTP to verify the transaction to your phone number. As the fraudster has hijacked your SIM, he gets the OTP, and not you, and he transfers the money out of your account. By the time you realise your phone is dead, your bank account will have been emptied.

So how do you safeguard your SIM?

Multiple locks are one way to stay safe

The obvious thing to do is to make it hard to hack my phone. To continue with the analogy of a safe, I want multiple locks on my safe. So if a hacker opens one of those locks, he will still not be able to open the safe. And that may alert me, and give me time to prevent the theft. So increasing the level of difficulty to hack my phones is essential. After digging around, I figure that there are four increasing levels of security to protect my phone.


Level 1: Locking the SIM

In India, SIM cards come unlocked by default. I don’t really know how effective SIM locking is. But following the principle of ‘Something is better than nothing,’ I decided to figure out how to do it. Here’s what I learnt, and this is only for India. Other countries have similar systems and here’s a sample.

Caution: Before you try locking your SIM, please be aware that a few wrong steps can erase the data on your SIM. In India, if you decide to change your SIM pin, the networks allow you three attempts to enter the right pin. If you get it wrong, you get a further 10 attempts to enter the SIM’s PUK number (pin unblocking key). After 10 wrong entries of the PUK, your SIM will be erased. That’s right. Your SIM will stop working. You will have no option but to replace it by visiting your network provider with your ID. That’s why networks keep a SIM unlocked by default. So please don’t try this unless you have your SIM card’s PUK numbers.

Like I mentioned, SIMs in India come unlocked, but have a default PIN. You can’t lock the SIM unless you know this PIN. The default PINs are set by the network provider, and so vary from network to network. On googling it, I found that it’s usually ‘0000’ or ‘1234’ for most service providers in India.

However, I was curious about how to get the PUK in case I didn’t know the default PIN. A bit more digging around told me it would be there on the original SIM packing. But I had thrown that away. The alternative for the Jio network is to register your Jio SIM on the Jio website, give your details, and then request your PUK from Jio.

To do this dial 199 from your Jio SIM, and follow the instructions.

Or follow these steps:

  1. Dial 199 and enter 2 for English.
  2. To skip the recorded rubbish, type 6.
  3. IVR will say you have typed an invalid code.
  4. Type 1 for repeat.
  5. Then 6.
  6. Then 2 for PUK.
  7. IVR will ask for your DOB in ddmmyyyy.
  8. Next it will ask for your Jio phone number.
  9. After which, it will recite your 8-digit PUK.
  10. Type 0 to repeat, and verify you got it right.

After this, go to your phone settings and change the SIM PIN. On my iPhone 6S+ running iOS 13, I found the SIM PIN in ‘Settings’ under mobile data -> SIM PIN. See below.

On my Android (Poco F1, running MIUI 10, an Android Pie fork), I had to go to settings -> additional settings -> privacy -> sim lock. It will be something similar in most Android forks. Or you could just ‘search’ for sim lock in settings. See below.

So I started the process on both my phones, entered ‘0000’ for my Jio SIM. The phone rejected it, and said I had two more attempts. I put in ‘1234’ and it worked. There was an option to change the default pin. As the pin can be longer than 4 numbers, I changed my SIM pin to a longer one. The longer it is, the harder to hack.

After changing the pin on both phones, I was a bit puzzled. Nothing seemed to have changed on either phone. Had I gone on a wild goose chase?

I tried restarting my phone, and there it was. A new SIM lockscreen which pops up after the regular lockscreen on my iPhone (It also appears before the regular lockscreen on my Android but I couldn’t get a screenshot as nothing works on an Android until I unlock the SIM). But you can see the iPhone version below. The Android version looks similar except it’s a black screen on my phone. Notice how the ‘Locked SIM’ icon on the top left, changes to the network’s name once I unlock the SIM.

Is an extra lock screen worth it?

I know it’s an extra effort to memorise one more passcode. Since my Android has dual SIMs, I have to enter both the SIM lock pins, and the lockscreen code before I can use my phone. But since I had already mentally prepared myself for multiple locks, I was fine with this. In any case, I have to do this process only when I restart my phone, which happens rarely. But then again, I like to imagine the look on a hacker’s face after he’s gone to a lot of trouble to steal my SIM, only to realise my SIM is locked with a password that’s locked inside my head. Just the thought makes it worth it.

Does the SIM lock have a loophole?

Sadly, the answer is yes. I can think of three ways. A hacker could simply bribe an employee of the operator to give him the PUKs to my SIM, which would enable him to bypass my SIM PIN (this may have been the case in the video I linked above).

A second way is if my phone is stolen, the hacker can remove the SIM, and use the 19-digit ICCID number engraved on the SIM to get the PUK, and unlock the PIN. I don’t know how it works, but people kept telling me it can be done. Like I said, a SIM was never meant to be a security device.

A third way is if the hacker has already hacked my Jio.com online account and my email. All he has to do is make a request to Jio from within my Jio.com account. Jio will then send my SIM’s PUK numbers to the email registered with them. Using this, the hacker can successfully do a SIM swap.

Looks like SIM locking by itself may not be enough to put off our hacker. I need to double down on securing my email, which is the weak link.


Level 2: Double locking my accounts

The technical jargon for this is 2FA or two-factor authentication.

This is when your account, say email, can only be unlocked if you have two codes. The catch is you know only one of these codes. The second will be sent to you on request. The first is your password. The second is an OTP that is sent to one of your registered devices, whenever you try to access your account. This means a hacker can’t access your account with just a password. He needs the OTP too. Two factors.

Google has been pushing me all these years to go in for 2FA. I’ve ignored them as it seemed a bit of a hassle to set up and to use. But seeing how my locked SIM can be unlocked by accessing my email, I finally decided it was time to upgrade my primary email’s security to 2FA.

I’m doing the process on my phone. It’s not too complicated but here are the steps anyway. If you are on iOS, you will need to download the Gmail app.

Caution: Once you set up 2FA, accessing that account can sometimes be a pain. For instance, last night the Apple Mail app on my iPad was unable to access my freshly 2FA-ed Gmail account. It asked me to go into settings and re-enter my password. I did so, and was sent an OTP on my phone. For some reason, the OTP didn’t come through for 10 minutes. It’s not really a big deal as I could access my email on the Gmail app on my iPad as well as on my phone. But all the same, it was a hassle till the OTP arrived and things fell into place. My only consolation was if it was a hacker, he would probably have gone nuts.

Anyway, first, I sign in to my Google account on my phone’s browser (I’m using Chrome here). Then I tap on my profile pic in the right top corner, choose the email account I want to protect, and tap on ‘Manage your Google Account.’ In the next screen, I swipe to the ‘Security’ tab, and then scroll down to where 2-Step Verification shows as ‘off’ and tap on it to toggle it on, and finally tap the ‘Get Started’ button.

After I verified my email by entering my password, Google next offered to let me use my phone (the number linked with my Gmail account) as the second sign-in step. To verify that it was I who was doing all this, Google then sends a ‘Google prompt’ to all the devices on which I am currently signed in on that Google account (in iOS devices, the prompt only comes within the Gmail app, probably because Apple will not allow such prompts at an iOS system level). After I confirm by tapping on the ‘Yes’ button, Google asks me for a second phone number as a ‘backup option’ in case I lose my phone.

At this point, I noticed that Google was also offering an alternative backup option. So I click on it. This option turns out to be a series of ten 8-digit backup codes, each of which I can use once. I preferred the backup phone option (for now) as I was quite likely to misplace those codes. So I entered my second phone number, and clicked on ‘send.’ Google sends me an OTP to check if the backup number is working. Once I confirm this, Google informs me I will stay signed in on the three devices where I’m currently signed in. To sign in on any other device, I will need to do a two-factor authentication.

To confirm, I try signing in to my email from my old Mac laptop, and am asked to check my Android device where a prompt has been sent.

I go to my Android and I find a ‘Google prompt’ similar to the one I got in the previous step of setting up the 2FA. I tap ‘yes’ on that prompt, confirming it’s me who signed in on a Mac in ‘XYZ’ place at ‘XYZ’ time. Only after I do this am I allowed access to my email on my old laptop.

My email is now double-locked, firstly, with a password I know, and secondly, with an OTP or Google prompt that is sent to one of my devices.

Feels good, but…

Does 2FA have a loophole?

Ok, I’m now getting into paranoid level. But I have always lived on the principle that ‘If you are going to do something, then do it well.’

My first issue is unrelated to hacking. What if I have access to WiFi but there’s no cellular network for some reason? Will I be locked out of my email? It’s not that remote a possibility. I experienced it while traveling in Ladakh in the Himalayan mountains where cellular network is poor. Or what if I lose my phone? Will I be stuck till I get a new SIM?

However, the weak link is still the SIM OTP, which can be used to break the 2FA if the hacker already has the password to my email.

There are possibilities, and though they are remote, they are known to happen. What if the hacker hacks my cellular network provider’s database, and gets the PUKs for a whole bunch of phones, including mine. He can crack my SIM pin in no time. Or what if someone uses his birthday as his SIM pin? People do it all the time and hackers know that.

Let’s assume the hacker has somehow hacked my SIM. Is there a way I can still stop him?

Can I add another level of difficulty? I believe I can.


Level 3: Restricting my accounts to my devices

Going back to that analogy of a phone SIM being like a safe with infinite keys (OTPs) and infinite doors (devices), the idea here is to restrict entry to one or two doors (devices).

Authentication Apps

This category of apps works by checking if the device being used to access my account is one which I have approved. If it’s not, access to my account is denied. In short, the app locks my account to my device, and not my SIM. This means that even if the hacker has hacked my SIM, and has my OTP (the keys to my safe), he can’t get into my safe as it can be accessed only on a device approved by me. In this case, it’s my phone (one door).

If I do this, the only way a hacker can steal my money is if he can: 
– hack my bank account user name and password
– take over my SIM 
– hack my SIM lock pin 
– crack my phone’s lockscreen pin
– and finally, steal my phone

The odds are now definitely more in my favour. The question is, can this be done? The answer is no and yes.

No, because most Indian banks still work with OTPs.

Yes, because SBI, India’s largest bank has an authentication app that links OTPs to my phone, rather than my SIM.

SBI Secure OTP app

SBI is India’s largest bank and used to have a reputation for being inefficient, though that is gradually changing. In theory, the idea behind its app, of delinking OTPs from SIMs, is conceptually sound.

But in reality, the SBI app is often glitchy, gives error messages, and asks you to try later. My guess is SBI, being a public sector bank, prefers to err when in doubt, rather than let a fraudulent transaction happen. That may make SBI safer but it means you can’t always rely on the app to work (see the app’s reviews on iOS or Google Play Store). However, I like the concept so I use the SBI app. But I also have a second bank account with a private sector bank as a backup, as they tend to be more reliable.

Anyway, what this app does is remove the SIM from the equation. I first need to download and register this app, which strangely enough is by OTP via SMS. After this is done, whenever I do a transaction in my account and it asks for an OTP, I know it won’t be coming by SMS. So I login to this app on my phone, tap on the ‘Get Online OTP’ option. It generates an OTP, which I then use to complete the transaction. I’m using the ‘Online OTP’ option where your phone has to be online. SBI also has an offline OTP option where you are given an 8-digit number when you attempt to do an online transaction. You enter that number in the app, and it generates the OTP, without the need for your phone to be online.

As OTPs are not being sent via SMS, a SIM swap is now useless for a hacker. Even if he has accessed my bank account, he can’t transact or steal my money despite having hijacked my SIM.

I must add that I’m not sure that this app is foolproof. As you can see in the last screen, I can change my phone by clicking on settings, deregistering my existing phone, and registering a new one. So if this is possible, maybe a hacker who has access to my bank account could delink my phone and register his phone to run that SBI Secure app, and get the required OTP. Or for that matter, he could just switch back to the OTP by SMS mode.

But I haven’t heard of anything like that happening, so maybe SBI has figured out how to prevent that.

Oddly enough, SBI itself provides a way to bypass the SBI Secure app. You just have to download SBI’s YONO app, and link it with your phone. You can then transfer funds with an SMS OTP. This happens even after you have clearly indicated in your online SBI account that you want to disable OTPs, and stick to the SBI Secure app OTP. This loophole does not exist on the SBI YONO Lite app, so the solution would be to discontinue the YONO app. But who’s going to bell the cat?

Authy

Though I haven’t been able to figure out how to use authentication apps with banks other than SBI, I have found that you can use authentication apps to lock down your other accounts like Google, Amazon, and Dropbox. So why not? The more locks, the better.

Normally, I would have gone with the Google authenticator app. But it seems the app doesn’t provide a backup option. This means if the device you install the app on crashes or is lost, you will be locked out of those accounts you protected, and will have to manually and laboriously unlock each of those accounts. I don’t really understand how it works, but what I understood was enough for me to avoid the Google authenticator app.

So I tried the Authy app, which allows an online backup option. Setting up your phone as an approved secure device isn’t too complicated. You download the app, and open it. Setup automatically starts. You enter your phone number, receive an SMS OTP, and that’s it. Here’s how I did it on my Android.

Adding devices: After setup, the app asks to install an account to be protected. But I quit the app as I wanted to first add my iPhone and my iPad to the list of approved devices. Again, the process was simple as shown below for my iPad. Download app, install, choose option to verify… and the device is added.

Adding accounts: Next I decided to try to add a Google account to Authy on my Android. The ‘add account’ function is buried in the three dots on the top right of the app (screenshots are disabled on this page). The steps were simple. The app asks you to scan the QR code from the Google site, and allow Authy to use your camera to do this. Once the QR code is scanned, the account is added to your protected accounts.

However, there were a few hiccups along the way as that QR code wasn’t easy to locate. Had to dig deep into Google before I found it. Here’s what you need to do. First, sign in to your Google account, and go through the process to turn on 2-step verification (see previous section). After you tap on the ‘turn on’ button, 2FA will be turned on, and the next page will display a ‘turn off’ button. The authenticator app option is hidden on this page; scroll down and you will see it.

Tap on ‘set up’ in the authenticator app section. You will be asked what kind of phone you want to install the app on. I was doing it on the Android so that’s what I tap on. And finally we get to see the elusive QR code.

But there’s still an issue. If I was setting up Authy on another device, then I can just scan the QR code from my Android’s screen. But in this case, I’m setting up Authy on my Android itself, so it’s obviously impossible to use my Android’s camera to scan the QR code. What I have to do is tap on ‘Can’t scan it’ below the QR code. That takes me to a new page where I’m shown a key. I copy it, go back to the Authy app, tap on the three dots, and then choose add account. On the next page, instead of scan QR code, I tap on ‘enter code manually.’

One last precaution. There is a possibility that someone can hack my Authy account, and add his device and thus get access to my accounts. To prevent this, I go to my Authy app, find my way to its settings, tap on the ‘devices’ tab, and then turn off the option to ‘allow multi-device.’ Now even if a hacker accesses my Authy account, he will not be able to add his device.

One last step. I need to delink and remove my SIM number from my email accounts, as I had relinked my SIMs to my email while writing this post.

We are finally done. My account is now secured and can only be opened on my devices.
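What the key behind ‘Can’t scan it’ is used for, as an added example that is not part of the original post: authenticator apps of this kind compute time-based one-time passwords (TOTP, RFC 6238) from that key and the clock, so no code ever travels by SMS. The sample key is constructed from the RFC's published test secret, and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test secret "12345678901234567890",
# written the way a setup key is typically shown (base32, spaced groups).
SAMPLE_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def decode_key(key_text: str) -> bytes:
    """Turn a typed-in setup key (base32) into the shared secret bytes."""
    cleaned = key_text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding if it was dropped
    return base64.b32decode(cleaned)


def totp(secret: bytes, at_time: float, digits: int = 6, step: int = 30) -> str:
    """One-time code for the 30-second window that contains at_time."""
    counter = int(at_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at_time: float,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the code for the current window or one
    window either side, to tolerate small clock drift on the phone."""
    for drift in range(-window, window + 1):
        t = at_time + drift * step
        if t < 0:
            continue
        if hmac.compare_digest(totp(secret, t, len(submitted), step), submitted):
            return True
    return False


if __name__ == "__main__":
    secret = decode_key(SAMPLE_KEY)
    now = time.time()
    code = totp(secret, now)
    print("code for this 30-second window:", code)
    print("accepted by the server side:", verify(secret, code, now))
```

Anyone holding the key can produce valid codes, which is why it is worth limiting the devices allowed to hold it, as the multi-device setting above does.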


Level 4: Restricting access to a physical key

This is the final level that I could find. It’s basically two-factor authentication, except that the second factor is an actual physical device, without which you will not be able to access your accounts. It’s sometimes given by a service provider, like say a bank. There are two ways in which it works.

The first is a key that you plug in to your device, without which you will not be able to access your accounts on that device. It usually plugs into the USB port. So we are talking of laptops and desktops mainly, though some mobile devices do allow USB access.

The second is a tiny code generator that gives you a code which you need to enter along with your password. I have used this thingy when I had an account with HSBC. Though it’s secure, I was always worried I would lose it.


A few more tips to stay safe

  1. If your phone’s network is out of coverage for an extended period of time, check with your service provider. If they say your SIM is active and being used, a hacker could have done a SIM swap on you.
  2. Make sure your SMS notifications don’t show on your lockscreen. If a thief steals your phone, then he can get your OTPs even without unlocking your phone.
  3. Don’t use your phone number on social media if possible. I have an old number on my Facebook, and I refused to update it on the site despite repeated nags to do so. Facebook actually knows my current number as it’s linked to my WhatsApp, which Facebook owns. But they can’t just go and update it in my account, can they? (I still need to remove that number just to avoid my FB account being taken over)
  4. Check your bank account statement regularly, and make sure you are registered for email alerts in addition to your SMS alerts. This has to be your primary email account so you don’t miss the alerts.
  5. If you have elderly family members with bank accounts who do not keep an eye on them, use your email on their accounts. This can be an issue if you both have accounts with the same bank. That’s because your email can only be linked to one account in that particular bank. One workaround is to use an alias. So if your email is johndoe@gmail.com then you can use johndoe@googlemail.com for the second account. The bank will see it as different emails and accept it, but the alerts will both come to the same email.
  6. Avoid keeping your IDs and important documents in your email or cloud accounts. This includes that 19-digit SIM number on the back of your SIM card. If you absolutely need to store documents online, then make sure these accounts are securely locked to your device.
  7. Use a password manager app like Lastpass to store all your passwords, and manually access it. Obviously, the master password to your password app should not be one you have used anywhere else. I know Apple already stores passwords in a similar service built into their devices, which is supposed to be encrypted and all. Google also does the same. But the thing is your system also has access to these services across many apps. So I have the same ‘too many doors to my safe’ worry. Or maybe I’m just being a paranoid android.

Related posts:

I have written a couple of companion articles to this post. The one below is for those who are worried about handing over all their passwords to a digital password manager. It illustrates how I manually created a password that’s easy to recall but at the same time is very strong.

Making strong, easy-to-recall passwords
Because sometimes you need a human backup

The second one is about a couple of close shaves that I had with phishers.

Close encounters of the phishing kind
A couple of tales of real and imaginary phishing attempts on me