Double blind password refers to a secure way to store passwords within a password manager app that keeps the real password hidden from both the app and the user. This method is a recommended solution for those who want the convenience of a password manager app without the potential risks of a security breach.
The following tutorial will explain exactly how to set up and use the double blind password method for your most sensitive online logins.
In a world where news of a new breached database occurs every week, it seems risky to put all your password eggs in a single password manager app basket.
Hear me clearly here…
I still highly recommend you use a good password manager app to help you create strong passwords and store them securely.
But I also realize that many people are hesitant to take the step to secure their passwords because:
- They don’t trust password manager apps. Despite the security measures of a password manager app, it’s understandable that you wouldn’t want to trust one company with passwords to all of your logins!
- They think it’s just too complicated. It’s easier to just stay with your less-secure passwords than try to migrate to a new method that seems a bit risky anyway.
Do either of these sound familiar?
If so, you’re in the right place.
Using the double blind password strategy that you’re going to learn here, you’ll be able to take advantage of stronger passwords that are blind to both you and the password manager app.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally use, though, and my desire is to help you improve your online security.
How a Double Blind Password Works
Before I go into a written explanation, I strongly encourage you to take 5 minutes to watch this video. In it, I explain exactly how a double-blind password works, using language and visuals that make it easy to understand.
The premise of a double blind password strategy is that neither you nor the password manager app know the full password.
You’re creating a strong password that is stored in your password manager software, and then you’re adding a unique identifier that only you know.
When done correctly, the password that is being stored in the password manager vault isn’t the actual password.
Without the extra key that is the unique identifier you added, the password being stored in the secure vault is useless.
It’s a double blind password because you don’t know the first half of the password and the password manager software doesn’t know the second half.
This creates an incredibly secure password creation system where:
- The actual password is never stored anywhere;
- You’re still able to create strong, unique passwords for each online login;
- Even a malicious keystroke logger (the kind hackers might use) only captures the part you type, not the half the password manager fills in, so it won’t see the full password.
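As an added illustration that is not part of the original post, here is a small Python model of the scheme: the vault holds only the generated string, you hold the short key, and the site stores a salted hash of the two concatenated. The function names, the PBKDF2 choice and the sample key are my assumptions, not anything 1Password or Facebook actually does.

```python
import hashlib
import hmac
import os
import secrets
import string

# Constructed model of the double blind scheme. Nothing here is real
# 1Password or Facebook code; it only shows which half of the secret
# each party holds and what happens when one half leaks.

ALPHABET = string.ascii_letters + string.digits

def generate_vault_password(length: int = 20) -> str:
    """Stand-in for the random password a manager suggests and stores."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def full_password(vault_part: str, unique_key: str) -> str:
    """The real password: the stored string plus the key only the user knows."""
    return vault_part + unique_key

def site_register(password: str) -> dict:
    """Service side: keep a random salt and a slow hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "hash": digest}

def site_login(record: dict, attempt: str) -> bool:
    """Service side: recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], 100_000)
    return hmac.compare_digest(digest, record["hash"])

def simulate(unique_key: str = "k7Qz") -> dict:
    """Register once, then try to log in as each party that holds only one half."""
    vault_part = generate_vault_password()
    record = site_register(full_password(vault_part, unique_key))
    return {
        # legitimate user: autofilled vault string plus the typed key
        "user": site_login(record, full_password(vault_part, unique_key)),
        # attacker holding a dumped vault: only the stored half
        "vault_dump": site_login(record, vault_part),
        # keylogger that saw only what was typed: only the short key
        "keylogger": site_login(record, unique_key),
        # correct key combined with a different site's generated string
        "wrong_vault": site_login(record, full_password(generate_vault_password(), unique_key)),
    }
```

The result dictionary makes the point of the section concrete: only the combination of the vault string and the remembered key authenticates, and neither half on its own does.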
That’s how a double blind password works. Now, let’s get to the nuts and bolts of how to set it up and use it.
Double Blind Password Setup Tutorial
While the initial setup of this kind of password adds a few extra seconds to the process, I promise you it’s worth the effort.
I recognize that there are a number of great password managers on the market today. The one I use and recommend is 1Password, which is what you’ll see me use in this tutorial.
Setup Tutorial with 1Password
Let’s pretend that you’re setting up a new Facebook account and you want to use the double blind password strategy with 1Password.
Here’s how you would do that.
First, with 1Password already installed on your computer, when you reach the field to create a password, choose the one that 1Password suggests.
Once you’ve selected “Use Suggested Password”, you’ll be prompted to save that in your 1Password Vault.
Now that 1Password has saved the suggested password, and before you click “Sign Up”, add your unique identifier to the end of it. This could be a word, a set of numbers or anything else you want.
I suggest a 4-8 character combination of numbers and letters. Your unique key must be something you can easily remember!
Once you click “Sign Up”, Facebook will save your new password, which includes both the strong string of characters that 1Password suggested and your unique key.
1Password doesn’t store your real password.
Once you’ve done this, however, how would you go about using this password?
Real-Life Use Case Tutorial – Facebook
In keeping with the Facebook example, let’s say you now want to log in to your new account using the double blind password strategy.
When you reach the Facebook login page, the 1Password browser extension will automatically show you the available logins that are in your vault. Choose the appropriate login.
Once 1Password has filled in the password for you, click into the hidden password field and type in the unique key that you set above.
If done correctly, you will automatically be logged in to your Facebook account.
There’s only one problem that sometimes arises that I want to address below.
Important Password Setting to Change
Once you set up a double blind password with your password manager app, you might notice one annoying problem:
The password manager will continually ask you to save this “new” password.
Thankfully, there is a workaround here. This works for 1Password, although not every password manager app offers this functionality (Dashlane, for example, doesn’t).
If you go into the 1Password settings and click on the “Browsers” tab, you’ll find the password autosave setting.
This setting defaults to on, which is what you probably want in general, but in this case we don’t want the password manager to keep asking us about our double blind password.
So you can make exceptions for certain domains. In this case, I’ve put in “facebook.com” so that anytime I’m logging into Facebook using my unique key, the software doesn’t ask me to save this new password.
That’s the simple fix. 🙂
You Shouldn’t Know Your Password…
…and neither should your password manager app.
This is the power of the double blind password strategy. The sad reality of our online world today is that a memorable password is also a weak password.
If you can recall all your online login passwords from memory, you either have a photographic memory or your passwords suck.
Similarly, if a hack into your password manager app file would ruin you, the risk is too great.
A double-blind password gives you the ability to create secure passwords using a password manager app like 1Password while keeping the true password secret.
It’s only a strategy, but it’s one you should definitely consider using.