Stone Lake Wealth Management's Guide to Enhancing Password Security: Password Managers, Multi-Factor Authentication, and Double Blind Passwords


In today’s digital age, the threat of hacking is ever-present, making robust cybersecurity measures essential. We all know that we should use a different complex password for each login we have. However, it is unrealistic to expect us to remember dozens of complex, random passwords and writing each one down is cumbersome and comes with its own set of risks. One effective approach to bolstering security involves the combined use of password managers, multi-factor authentication (MFA), and double blind passwords. Combining these tools can significantly reduce both the risk of hacking and the number of login IDs and passwords we need to keep track of. It is a huge win-win!


The Role of Password Managers


Password managers are tools designed to generate, store, and manage complex passwords for various online accounts. They offer several advantages:


  1. Convenience: Users only need to remember one master password to access the password manager, which securely stores all other passwords.
  2. Security: Password managers can generate strong, unique passwords for each account, reducing the risk of password reuse and weak passwords.
  3. Efficiency: They can automatically fill in login credentials, saving time and reducing the likelihood of phishing attacks, because the manager will only fill a password on the site it was saved for.


However, the primary concern with password managers is the “all eggs in one basket” scenario. If a hacker gains access to the password manager, they potentially have access to all stored passwords. This is where additional security measures come into play.


Adding Multi-Factor Authentication (MFA)


Multi-factor authentication (MFA) adds an additional layer of security by requiring users to provide two or more verification factors to gain access to an account.


These factors typically include:


  1. Something You Know: A password or PIN.
  2. Something You Have: A physical device like a smartphone or security token.
  3. Something You Are: Biometric verification, such as a fingerprint or facial recognition.


By incorporating MFA, even if a hacker obtains the password, they still need the second factor to gain access. This significantly reduces the likelihood of unauthorized access. Everyone should use MFA whenever a site they log in to offers it.


Introducing Double Blind Passwords


Double blind passwords, also known as “password splitting” or “partial passwords,” involve dividing a password into two parts: one part is stored in a password manager, and the other part is known only to the user. This method ensures that neither the user nor the password manager has access to the complete password, thereby enhancing security. So even if your password manager is hacked, the bad actor cannot gain access to your accounts.


Here are the steps to implement a double blind password strategy.


  1. Pick a code consisting of a random string of 6-8 numbers and/or letters.
  2. Add that code to the end of each password generated by your password manager and set the combination as the password for the site.
  3. Edit the password in the password manager to remove the code from the end of the password. Now the password manager does not have the entire password for any site.
  4. When logging in to a site, the password manager will populate the first part of the password and the user simply adds the code to the end before clicking 'login'.


Because the first part of each password is generated by the password manager, the same code can be used for every login and still result in a unique, random and strong password for each site. Now, rather than having to remember or write down a different password for each site, we need to keep track of only two: the master password for the password manager and your code. Just make sure that the password for the password manager is random, long and strong. Memorizing the code is as simple as memorizing a phone number. I suggest writing both down without any description or other information and storing the piece of paper somewhere very secure, such as a bank safe deposit box. NEVER TELL ANYONE YOUR CODE!!!
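As an added illustration (not part of the original guide), the Python below models the four steps above and the claim that follows them: a simulated vault keeps only the manager-generated part of each site password, each site stores only a salted hash of the full password, and login succeeds only when the user appends the code. The site names, the code value and the hashing parameters are constructed sample values.

```python
import hashlib
import hmac
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # letters and digits

def generate_manager_part(length=16):
    """The random part a password manager generates and keeps for one site."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _hash(password, salt):
    # A site never stores the password itself, only a salted, slow hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(site_db, site, full_password):
    """Step 2: the site is given the combined password and keeps only its hash."""
    salt = os.urandom(16)
    site_db[site] = (salt, _hash(full_password, salt))

def login(site_db, site, attempt):
    """Returns True only if the attempt matches the site's stored hash."""
    salt, digest = site_db[site]
    return hmac.compare_digest(_hash(attempt, salt), digest)

def setup_double_blind(sites, code):
    """Steps 1-3 for every site: one code, a fresh manager part per site."""
    vault, site_db = {}, {}
    for site in sites:
        part = generate_manager_part()
        register(site_db, site, part + code)  # the site sees manager part + code
        vault[site] = part                    # the vault never sees the code
    return vault, site_db

def code_keyspace(length, alphabet=ALPHABET):
    """Guesses an attacker holding the vault still needs to cover the code."""
    return len(alphabet) ** length

if __name__ == "__main__":
    # Constructed sample: two sites, one user-chosen 8-character code.
    code = "Qz7w4Kp9"
    vault, site_db = setup_double_blind(["bank", "email"], code)
    print(login(site_db, "bank", vault["bank"]))         # vault alone: False
    print(login(site_db, "bank", vault["bank"] + code))  # step 4: True
    print(vault["bank"] != vault["email"])               # unique per site: True
    print(code_keyspace(len(code)))                      # 62**8 guesses at most
```

The keyspace function is the practical caveat: once a vault leaks, the code's length and the site's login rate limiting are all that stand between the attacker and the account, so the code should be as long as the guide allows.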


Combining All Three: A Robust Security Strategy


When double blind passwords, password managers, and MFA are used together, they create a multi-layered defense system:


  1. Password Generation and Splitting: The password manager generates and stores part of the password, while the user retains the code.
  2. Secure Storage: The password manager securely stores the partial passwords.
  3. Multi-Factor Authentication: MFA adds an additional verification step, ensuring that even if the password is compromised, the account remains secure.


This comprehensive approach ensures that even if one layer of security is breached, the additional layers provide robust protection against hacking attempts.


Conclusion:


In conclusion, the combination of password managers, multi-factor authentication, and double blind passwords offers a robust solution to enhance cybersecurity. By ensuring that neither the user nor the password manager has access to the complete password and adding an extra verification step, this strategy significantly reduces the risk of hacking. As cyber threats continue to evolve, adopting innovative security measures like these can help protect sensitive information and maintain digital security. I strongly recommend you take the time to implement this password security strategy. You will significantly increase your security while significantly decreasing the number of login IDs and passwords you have to track. As I said before, it is a huge win-win.


Please do not hesitate to contact me if you have any questions. 


Sumit Kumar, Greenwich CT
