Double-blind passwords are an underused technique that limits the damage of a compromised password vault without adding much complexity. Learn how double-blind passwords work and why you should consider using this approach for your digital accounts.

How Do Double-Blind Passwords Work?

Most internet users know basic password best practices, such as avoiding personal information, changing sensitive passwords regularly, and using long, complex passwords that resist brute-force attacks. Those steps go a long way toward securing your accounts, but they still leave you exposed to certain threats.

Are password managers worth it?

You might also use a password manager to keep your passwords straight and ensure you can access them on different devices. Keeping every password in a single manager lets you use a unique, strong password for each account, which reduces the risk that one breach spreads to others.

Yet it increases the damage a hacker could do. With only the password to your password manager account, they could access your vault and see all the other passwords you use. Using a password manager won’t fix all of your cybersecurity concerns. Think of this like putting all your savings in a safe — even if the safe is hard to crack, you could lose your life’s savings if someone acquires the combination.

What is a double-blind password?

A double-blind password fixes this problem by removing your actual passwords from the password manager. Instead, you’ll store an incomplete version or possibly something that reminds you of the actual password.

For example, if you’re using a passphrase like “i-love-game-of-thrones” and write it in your password manager, it’s easy for someone to crack the account when they access your vault.

If your favorite “Game of Thrones” character was Arya, you could add that to the end of the real password without entering it in your password manager. You’ll be able to remember the full password when you see the password manager entry, but that information won’t be as helpful to someone who’s trying to hack your account.

The advantage of double-blind passwords is that they keep the memorization burden small without exposing every account to whoever gains access to your vault. You probably can’t remember a unique password for every account, but it’s much easier to remember the end of a password if you store the beginning in your password manager.

What Should You Use as Your Unique Identifier?

Many people setting up double-blind passwords wonder what they should add to the main part of the password. The unique identifier is the key element separating a double-blind password from a regular one. Come up with something easy to remember yet difficult for someone else to guess.

Ultimately, the unique identifier is up to you. Most people don’t use double-blind passwords, but even something simple like adding “676” to the end of every password is better than nothing. You get more security from an identifier that is somewhat more complex. Avoid obvious sequences, such as 123, abc, or 000, which would be natural for a hacker to guess.

How Can You Add Double-Blind Passwords to Your Password Manager?

Double-blind passwords are somewhat more complicated to manage than regular ones. Because you don’t want your password manager to save the actual password, this approach takes a little more effort to set up and use.

Password managers allow you to generate custom passwords based on length, character types, and whether you want a passphrase or a conventional password.

After generating the password, save it to your password manager as-is. Add your unique identifier to the beginning or end of the password when you enter it on the website or app. This way, your password manager stores only the main part of your password, while the rest of the key exists only in your memory and is never written to the vault.

You can log into the account by letting your password manager autofill the base password and then typing in the identifier yourself. Depending on your software, your password manager may notice that the password you submitted differs from what you’ve saved and offer to update the stored entry.

Saving the full version would defeat the purpose of a double-blind password. Decline this option or turn it off entirely in your password manager settings.
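The procedure above (generate a base password, store only the base in the vault, add the identifier from memory at login time) and the advice to avoid obvious identifiers such as 123, abc, or 000, as a worked example. This is added illustration code, not code from the article or from any password manager; the `Vault` class and the PBKDF2-based site login are hypothetical stand-ins constructed for the demonstration, and the default base password and identifier are the article’s own “i-love-game-of-thrones” and “arya” illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import string

# Identifiers the article warns against, plus a few obvious ones (constructed list).
WEAK_IDENTIFIERS = {"123", "abc", "000", "111", "xyz", "password"}


def generate_base_password(length: int = 20) -> str:
    """Stand-in for the password manager's generator: this is the *base* only."""
    alphabet = string.ascii_letters + string.digits + "!#%&*+-=?@"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def identifier_is_acceptable(identifier: str) -> bool:
    """Reject the obvious identifiers the article names (123, abc, 000), anything
    shorter than three characters, single repeated characters, and straight runs."""
    s = identifier.lower()
    if len(s) < 3 or s in WEAK_IDENTIFIERS:
        return False
    if len(set(s)) == 1:  # "000", "aaa"
        return False
    steps = [ord(b) - ord(a) for a, b in zip(s, s[1:])]
    if all(d == 1 for d in steps) or all(d == -1 for d in steps):  # "1234", "cba"
        return False
    return True


def full_password(base: str, identifier: str, at_end: bool = True) -> str:
    """The secret the site actually receives: vault base + identifier from memory."""
    return base + identifier if at_end else identifier + base


class Vault:
    """Hypothetical minimal password manager: it only ever sees the base password."""

    def __init__(self) -> None:
        self.entries: dict[str, str] = {}

    def save(self, site: str, base: str) -> None:
        self.entries[site] = base

    def autofill(self, site: str) -> str:
        return self.entries[site]


def site_register(password: str, iterations: int = 100_000) -> tuple[bytes, bytes]:
    """What a well-run website stores: a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def site_verify(record: tuple[bytes, bytes], password: str, iterations: int = 100_000) -> bool:
    """Constant-time comparison of the submitted password against the stored hash."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def walkthrough(base: str = "i-love-game-of-thrones", identifier: str = "arya") -> dict:
    """Register with base + identifier, then attempt login both with and without the
    identifier. Defaults are the article's illustration; any base/identifier works."""
    site = "example.invalid"  # constructed placeholder site name
    vault = Vault()
    vault.save(site, base)  # the vault holds the base only
    record = site_register(full_password(base, identifier))

    with_identifier = site_verify(record, full_password(vault.autofill(site), identifier))
    vault_only = site_verify(record, vault.autofill(site))  # what a vault thief can try
    return {
        "vault_entry_contains_identifier": identifier in vault.entries[site],
        "login_with_identifier": with_identifier,
        "login_with_vault_contents_only": vault_only,
    }


if __name__ == "__main__":
    print(walkthrough())
    print(walkthrough(generate_base_password(), "676"))
```

Run as a script, the first line of output shows the intended behaviour of the scheme: logging in with the vault’s base plus the remembered identifier succeeds, while the vault contents alone fail verification, and the identifier never appears in the stored entry.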

Setting up double-blind passwords is much more straightforward if you use a reliable password manager to create passwords based on your parameters. Check out our list of the best password managers to learn more about your options.

Frequently Asked Questions About Double-Blind Passwords

  • How do I create a good master password?

    Create a long password of at least 20 characters, with a mix of letters, numbers, and symbols. Choose a memorable phrase that doesn’t use your personal information.

  • What are masking dots concerning a password?

When you type in your password, the dots you see are called “masking.” The dots hide your password as you type each character. Each dot represents one character you type, so the only thing visible to someone watching the screen is the password’s length.

  • What is a hidden password called?

    Most commercial password managers have hidden passwords. These allow system administrators to change the appearance of shared read-only passwords to display to end users as a series of dots or asterisks.

  • What is a good password?

    A strong password would include an uppercase character (A-Z), a lowercase character (a-z), a number (0 to 9) and/or symbol (such as !, #, or %). It should be 10 or more characters in total.

About The Password Manager, Gunnar Kallstrom:

Kallstrom, The Password Manager, is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has worked as a Computer Network Defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.

He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.

Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.

Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).