Most internet users are aware of basic password best practices, such as avoiding personal information, changing sensitive passwords regularly, and using long, complex passwords that are resistant to brute force attacks. You might also use a password manager to keep your passwords straight and ensure that you can access them on different devices.
While those steps are a great way to make your accounts secure, they still leave you open to certain cybersecurity threats. For example, storing all your passwords in a single password manager reduces the risk of a breach, but it also increases the damage that a hacker could do. With only the password to your password manager account, they could access your vault and see all of the other passwords you use.
Using a password manager won’t fix all of your cybersecurity concerns. Think of this like putting all your savings in a safe — even if the safe is hard to crack, you could lose your life’s savings if someone happens to acquire the combination.
A double-blind password fixes this problem by removing your actual passwords from the password manager. Instead, you’ll store an incomplete version, or possibly something that reminds you of the actual password.
For example, let’s say you’re currently using a passphrase like “i-love-game-of-thrones.” If that’s what you write in your password manager, it’s easy for someone to crack the account as soon as they access your vault.
If your favorite “Game of Thrones” character was Arya, you could add that to the end of the real password without entering it in your password manager. You’ll be able to remember the full password when you see the password manager entry, but that information won’t be as helpful to someone who’s trying to hack your account.
The advantage of double-blind passwords is that they reduce the need for memorization without putting you at risk of unauthorized access. You probably can’t remember a unique password for every account, but it’s much easier to remember the end of a password if you store the beginning in your password manager.
One of the main questions people have when setting up double-blind passwords is what they should add to the main part of the password. The unique identifier is the key element that separates a double-blind password from a regular password. Naturally, you want to come up with something that’s easy for you to remember but also difficult for someone else to guess.
Ultimately, the unique identifier is up to you. Most people don’t use double-blind passwords at all, but even something simple like adding “676” to the end of every password is better than nothing.
Of course, you get more security out of an identifier that’s at least somewhat more complex. Try to avoid obvious sequences, such as 123, abc, or 000, which would be natural for a hacker to guess.
Some internet users make things even more complex to take full control of their security. Reddit user El_Impresionante, for example, has a unique approach: “I store a full 16 character password in the manager, and I replace characters at specific places based on a memorized technique.”
El_Impresionante didn’t go into more detail about their technique, but it’s easy to see what they have in mind. Instead of adding something to the beginning or end, they came up with a sequence that takes place within the password.
For example, let’s say “cats” was their unique identifier. If a password manager generated the password “vsdyNCv747qebAS9”, then El_Impresionante might change the first character and every fourth character after that. In that case, the final password would be “csdyaCv7t7qesAS9”. This is just one way to make your unique identifier more complex without making it more difficult to remember.
Meanwhile, double-blind passwords can also be more complicated to manage than regular passwords. Since you don’t want your password manager to save the actual password, you need to make more of an active effort for this approach to work.
We’ll walk through the steps to create double-blind passwords in Bitwarden, but the process should mostly be the same regardless of the password manager you’re using. Start by navigating to your password manager’s generator, then generate a password that fits your ideal parameters.
For example, Bitwarden allows users to generate custom passwords based on length, character types, and whether they want a passphrase or a conventional password.
After generating the password, the next step is to save it to your password manager as-is. However, you should add your unique identifier to the beginning or end of the password when you enter it on the actual website or app you’re using. This way, Bitwarden stores the main part of your password while the rest of the key is known only to you and is impossible for someone else to uncover.
At this point, you’ll be able to log into the account by letting your password manager autofill the base password and then typing in the identifier yourself. Depending on the software you’re using, your password manager may recognize that the full password is different from what you’ve saved. Saving the full version would defeat the purpose of a double-blind password, so make sure to decline this option or turn it off entirely in your password manager settings.
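The two composition schemes described above (typing the memorized identifier after the stored base, and El_Impresionante-style substitution at fixed positions, illustrated with the “cats” example) carried through in code, as an added example that is not part of the article and not Bitwarden’s own code. The function names `append_identifier`, `substitute_identifier` and `identifier_is_weak`, the `start`/`step` parameters (the “first character and every fourth after it” rule is `start=0, step=4`) and the short list of obvious identifiers are all assumptions made for this example; the sample base passwords are the article’s own.

```python
"""Derive a full login password from a vault entry plus a memorized identifier.

Added example, not from the article or any password manager: the vault stores
only `base`; the identifier is never written down anywhere.
"""


def append_identifier(base: str, identifier: str) -> str:
    """Simplest double-blind scheme: the memorized identifier is typed after the base."""
    return base + identifier


def substitute_identifier(base: str, identifier: str, start: int = 0, step: int = 4) -> str:
    """Overwrite the character at `start` and every `step`-th character after it with
    successive characters of `identifier` (the in-password scheme sketched above).

    Raises ValueError when the base is too short to hold the whole identifier, so a
    typo in the base cannot silently drop part of the memorized secret.
    """
    positions = range(start, len(base), step)
    if len(identifier) > len(positions):
        raise ValueError(
            f"identifier has {len(identifier)} characters but only {len(positions)} "
            f"positions are available (start={start}, step={step}, base length={len(base)})"
        )
    chars = list(base)
    for pos, ch in zip(positions, identifier):
        chars[pos] = ch
    return "".join(chars)


# Constructed list of identifiers that are obvious guesses (hypothetical, not exhaustive).
WEAK_IDENTIFIERS = {"123", "abc", "000", "111", "password"}


def identifier_is_weak(identifier: str) -> bool:
    """Flag identifiers that are trivial sequences: a known-bad value, a single repeated
    character, or a straight ascending/descending run such as 1234, abcd or dcba."""
    ident = identifier.lower()
    if ident in WEAK_IDENTIFIERS or len(set(ident)) == 1:
        return True
    codes = [ord(c) for c in ident]
    diffs = {b - a for a, b in zip(codes, codes[1:])}
    return len(ident) >= 3 and diffs in ({1}, {-1})


if __name__ == "__main__":
    # Vault entry (what the password manager stores) versus what is typed at login.
    stored = "vsdyNCv747qebAS9"
    print("vault stores: ", stored)
    print("suffix scheme:", append_identifier(stored, "cats"))
    print("substitution: ", substitute_identifier(stored, "cats"))  # csdyaCv7t7qesAS9
    for candidate in ("123", "676", "cats"):
        print(f"identifier {candidate!r} weak? {identifier_is_weak(candidate)}")
```

The point of the `ValueError` is that a derivation rule which depends on positions needs the base to be long enough for every identifier character; with a 16-character base and `step=4` there are exactly four slots, which is why a four-letter identifier such as “cats” fits and a longer one would not. The weak-identifier check only catches the obvious sequences the article warns against; it is not a strength estimator.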
With that, you’re ready to start switching to double-blind passwords to keep your online accounts as secure as possible. While this adds a little complexity to each login, it’s worth getting used to the process of creating, saving, and using double-blind passwords for all of your accounts.
Setting up double-blind passwords is much more straightforward if you use a reliable password manager that can create passwords based on your parameters. Check out our list of the best password managers in 2023 to learn more about your options.