Password Security: The Double-Blind Password Hack

password security

Written by Jackie Bilodeau

I am the Communications Director for CGNET, having worked for CGNET off-and-on since the early 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

March 31, 2022

I stumbled upon a great idea this week while reading through some articles on password security. There are a multitude out there right now on the “best password managers of 2022”. (Look here and here for a couple of those.) Also, many on why you should use a password manager (which I wrote about back in 2019). And I read one on why you shouldn’t. Turns out the reason some people worry about using a password manager is the obvious “but what if THAT gets hacked? Then ALL my passwords are stolen at the same time!” concern. Which is legitimate. And why I was intrigued when I read about a new strategy: By using this one “trick”, you can have the convenience of a password manager but know that even if they get hacked, the passwords to all your various online accounts are all still completely secure.

Password security in the “virtual vault”

Password managers are regarded as the safest place to store your passwords.  They have multiple layers of security in place. They are also the easiest way for you to maintain multiple, unique passwords that you won’t ever have to memorize. Or reuse. Or write down on a Post-It note and stick on your monitor. (I think it goes without saying not to ever do that. Please.)  Anyway, the idea behind a password manager is that whenever you set up up a new account somewhere online, the app generates a complex password for you. All you do is “accept” this suggested password, and the manager saves it in its virtual vault. From that point on, it is autofilled for you whenever you log back onto that website.  So now you only ever have to remember a single “master password”  to access all the passwords in the vault.

OK, that sounds great, but what if…?

So, as I said, most cybersecurity pros assert that password managers are considered the best route for password security. That being true, there are plenty of users out there that still have concerns. As well they should: Multiple password managers have been hacked in the past, and there’s no reason to believe it won’t ever happen again.  And while yes, it is very difficult for the bad guys to get through all the layers of security and get ahold of – or guess — your master password, it has happened. That’s why I think this new password hack is brilliant.

The double-blind strategy

What it is

The idea is that you create a password that has 2 parts to it: One part is “blind” to you (which is not technically true, because you could look it up. But you do have to go through a process to get there, so I guess you are at least temporarily blind to it). The other part is blind to the password manager app.

How it works

It’s pretty simple:

  1. Your password manager app offers you a unique, complex password for whatever website you are creating an account on.
  2. You accept the password, log into the site with it, and then immediately change it by adding your own unique identifier (key code, PIN, whatever you want to call it) to the end of it. It can be whatever you want; maybe a 4 digit number or a word. Just something easy for you to remember.
  3. Now whenever you log back onto that site, your password manager will fill in their part of the password (that original suggested password, which they’ve saved in their vault), but you will have to complete the login by adding your code at the end.

Why it’s smart

So the password that is being stored in the password manager vault is no longer the actual password. Or better put, it’s no longer the entire password. Without adding the extra code that only you know, the passwords now being stored in the virtual vault are useless to a hacker. And you can use the same identifier as the addendum to your passwords on every account. So now you have a grand total of only 2 things you ever need to memorize: Your master password to access the password manager, and this code. Here’s a short video these smart people made that walks you through the whole process.

I don’t know about you but adding this extra little bit of password security makes a lot of sense to me!  And it makes using a password manager even more desirable. Kudos to these folks for coming up with such a simple yet powerful solution.

You May Also Like…

You May Also Like…

0 Comments

Submit a Comment

Your email address will not be published.

Translate »
Share This
Subscribe