Thanks for taking the time to watch! If you're ready to get started with the double-blind password strategy, my favorite password manager app to use it with is 1Password. You can try it risk-free for 30 days using this affiliate link: www.allthingssecured.com/try/1password-dbp
What is the easiest way to update all of my passwords that are previously saved under settings>passwords? I have a “⚠️” message saying passwords were compromised. Which is like 300 plus… passwords. Is there an easy way to update all at once? Until I can slowly get around to it?
@missmandee4733 You took the words right out of my mouth. 😂 Excellent question!
I see this 30-day offer is no longer available. Do you have another link to try this password manager for free for 30 days? (Sorry, I’m just seeing this video.)
Awesome video. But can I ask why you don't recommend Bitwarden? Many of the security-savvy guys on YouTube are recommending Bitwarden as it's open source, but you seem to recommend 1Password. Are you affiliated with them? If not and you just prefer to use it, do you have a video of your top 3 password managers (I'm sure Bitwarden is in the top 3) and the reasoning why you chose 1Password vs the others? Second question, regarding the double-blind method: I notice that after you type in your extra memorised digits and log in, 1Password doesn't realise you actually logged in successfully with something other than the vault password and then ask you if you wish to update the stored password in the vault. Is this a feature of 1Password where you can disable it asking you to update the password if it detects you've logged in successfully with something other than the vault password?
I think I have just found myself a new favorite channel.
Thanks for the kind words.
I agree with previous comments. I worked in the IT world for over 20 years and so suspect more than most that there's always a way to get past multiple security layers built into one system. Simple, straight forward method. Thanks.
Thanks Doris!
That's actually a great idea. I've never thought about using password managers to SHORTEN what I need to remember.
Ok I was worried about the security if your master password was leaked. Now you have convinced me
Great to hear!
It makes me much more comfortable relying on a single password manager now. This is genius ! Many many thanks
👍🏻👍🏻🙏🙏
This is just pure class. This takes passwords to another level, I would never have even thought of this. Thank you so much 👍👍
Excellent idea. This really does take the risk out of password managers because even a hacker won't have any of the correct passwords.
Amazing!!!!! I'm using up to 200+ different passwords using something like your "unique ID" (suffix, prefix), everything memorized.
But, combining "password manager + UniqueID" solves EVERYTHING. I will jump on password managers and give you a BIG like and Sub. You are a genius. Cheers.
Fantastic! I hope you like it :)
This is literally 2000 level IQ. Great video as always.
I’m glad they’re useful!
BEST advice since long! Thank you very much for this incredibly easy but effective hack!!!!
Brilliant. I've never used a password manager for the exact reasons you identified. Might now look into using one, thank you
Great!
So, call me paranoid, too! I’m going to use this extra layer! Thanks for the great idea!
Great! I'm glad you found it useful ;)
Same xD and it's not really paranoid, it's only smart. So many people get their accounts hacked and it could cause huge problems.
WOW why isn't this more of a thing.. it's such a great yet simple idea. Think I'll adopt this ASAP!
Really solved a problem I was struggling with. Thanks.
Simple solutions solve the biggest problems.
Great! Glad to hear it.
Brilliant! A new subscriber here, this is gold! Thank you
I really like how you responded to so many comments (even the angry ones) and your method does make things more secure simply because people can't just copy and paste your stuff. It adds an extra layer of security. However, I do agree that it isn't THAT much harder for a hacker to crack, but one scenario that I can think of is if your laptop was stolen while you were still logged into your password manager. If you use the delete a few characters method a person just needs to delete a key, try the password, and repeat in O(1) amount of tries. If you use the method of adding a key like a 4 character password, this can be cracked because the length is too short. This is assuming they have some idea of your methodology, and in security it's good to work on the assumption that attackers know your methodology. However, I think this adds enough to deter attackers in a few scenarios, especially because sites often have a limit to how many guesses they can make and in the time it takes for them to figure it out, you should be aware that your security has been compromised and change your passwords accordingly.
Thanks so much for the kind words, Angel! I agree with what you're saying here and hope you're able to implement some version of this strategy to secure your accounts as well!
@AllThingsSecured Please realize that we have a lot of idiots out here. Your method absolutely increases security and cuts down on a host of scenarios where a person would be absolutely screwed. However, because it doesn't protect people against EVERY possible scenario, people here are complaining? Please know that some of us out here really do appreciate the hard work that goes into making this content. Please ignore the idiots.
I've had something like this happen inadvertently, i.e. a space was added to a password on a particular site and the password manager didn't capture it so it always failed. I happened to figure it out by chance.
Thank you for finishing the puzzle for me, it never occurred that this could be an effective strategy.
Glad I could help, Mike!
That is so simple and so brilliant!! Thank you! Subbed!
Thanks for the sub!
Such a simple idea, but super clever. Definitely earned the sub. Thanks!
Awesome, thank you, Kyle!
I have been on the fence about using a password manager for ages, but never really bothered. This video finally got me around to doing it. Thanks for the pro tip! I never thought about using a method like this.
Great! I’m glad you finally made the decision.
Same here.
That's really really a masterpiece. I had ever been skeptical about the PW manager's security itself. Thanks a ton.
My pleasure!
This is one of those "how have I never thought of this". Great video. definitely worth a subscribe
Amazing password management strategy. Thank you! Also some of the comments are very helpful! Looks like I have to use two password managers!
WOW! That is SO paranoid! I'm going to start using that! Thanks!
This is a GREAT strategy!
Thanks, Gabriel :)
I love the idea of this. I would love to do this but according to the reviews it doesn't work well with the Android app and the customer service is lacking.
Instead of a unique ID with only 4 characters, have your pw manager randomly generate a 15 character pw and store it as a static password on a yubikey. A long touch on the yubikey will enter that portion for your second half of the total pw. I would recommend to use this method for one's master pw on your manager as well; a portion of the master that you type in, plus the yubikey portion.
Interesting idea. Just make sure nobody has access to your Yubikey.
@2011k1500 Someone getting access to your Yubikey doesn't give access to anything. The pw is in two pieces.
@matthewmoon2463 They would have access to one of the two pieces.
@2011k1500 Ha! Yes. But of course that's a lot better than storing your entire mp on a yubikey and your funds being lost, and that assumes the perpetrator even knows what's on it, how to use it, and what it's for. The idea is that with your yubikey stolen or lost, it gives you time to change your mp before the other piece could be compromised, assuming you were smart about how you stored that piece (not with the yubikey piece of course). BTW, I do recommend having 2 yubikeys, even for 2FA. Then a third copy of the yubikey portion on an encrypted server (somewhere that can't be lost or stolen in the same way). Nothing is 100%.
Great idea! Thanks!
You run a great channel, Josh. Thank you for all the interesting content. I love cybersecurity stuff!
Stay safe, be well.
Wow Josh, that's a great strategy to keep out the hassle of remembering and add good security
An easier way would be to just delete the last character instead of adding 4+ characters on the end into the website. I love this and will be changing to it thanks.
That's not a bad idea either. Thanks!
Only problem with this way round is that the password manager will still be storing 100% of the password. The other way round means a malicious actor would still have to figure out the extra 4 digits.
@Falcon the ideal strategy would be removing the last letter for instance and then add a unique ID !! 😉
@AimelodyMusic well, and what do you do, when you have a keylogger on your system?
@svend.waterlaw8592 the keylogger will capture the added part of the password. It won't know the first part 1password added. Maybe a way around it would be to be able to copy paste the added value. The keylogger would then not capture it unless it was around when first created. How would it know its function?
This is genius. Thank you so much!
This idea is awesome. I used to feel uncomfortable having my full banking passwords on my password manager. Now I don't worry at all. Thank you for this video. 🙂💯
Glad it was helpful!
Yeah, this is next level security...much needed! Thanks
Glad it was helpful, Rodney!
Why doesn't this video have more views!! Brilliant and simple. I'm doing this. Thank you.
Thanks so much, Bruce! I’m glad it was useful 👍🏻
Man, very nice. Love it. Thank you! Subscribed.
Awesome. Glad it was helpful!
The simplest ideas are the most brilliant. This is just amazing!
Glad this helped, Jefferson!
Nice....
Simple but secure EXTRA LAYER on top of super secure passwords.
Thanks Josh for sharing such a great thought.
Thank you very much. This is so simple yet so awesome at the same time!
Great advice, this tip will give me better sleep at night. I personally only use it for my emails since other accounts can be restored with it. Can't imagine someone taking over my email. Also for crypto seed phrases I just write them down on paper + in my Bitwarden but use a different sequence. I saved this vid to my "best vids" list on YouTube btw.
Thank you for this video!!! No clue about doing this before. But it’s brilliant. Just subscribed
Awesome! Thank you!
Clever trick, thanks as always!
ok this is brilliant hahah will implement this in my most important passwords for sure!
Perfect! Glad it was useful, Marco.
thank you so much you have helped me out and with an awesome idea you've just gained a new loyal subscriber
Glad I could help!
Wow! Thank you so much! Should we use a single "unique ending" for all our important passwords or should each password have its own?
Thanks, very cool idea, will start integrating some form of that today
Great to hear!
That's great, especially for financial institutions. Thank you so much.
Fantastic extra layer of security! thanks for sharing!
My pleasure!
Mind blown! Thanks dude!
Glad to help!
I love this. Just a few rhetorical questions.
Why does your unique ID have to be at the end or the start? Can't it be at a specific number of characters in from the start or end of your password? If worried about keylogging the arrow keys, make it only a few characters that the cursor can be placed using a mouse click.
What about two passwords stored for the same site? One for the first part of the password + unique id + last part of the password?
How about two password managers? One for the first part of the password from first password manager + unique id + last part from 2nd password manager?
Why not mix in a Yubikey while you are at it?
Just remember one very important thing. Create a way to have access to that unique id in the event of a medical event or condition that can affect your memory.
How far does your trust go, even for your own brain?
How deep into the rabbit hole do you think you need to go? Only you can answer that question.
Oh man, that's a deep, deep hole that you're digging 😂
@AllThingsSecured 👍😂
Quite new to your channel and very impressed with your work, thanks for making my life more secure and great videos, you have a great day.
Simple but effective solution. You are a genius.
Glad you found it useful!
Such an ingenious idea - thank you!
You are so welcome, Joshua!
I just subscribed. Thank you sir! Great video!
Thanks!!
Brilliant. Thank you for sharing this important strategy. Will use :)
My pleasure, Michael. Thanks!
This is awesome thanks for the advice this just made life so much easier for me
Glad it helped!
This is brilliant, seems similar to the salting strategy for encryption.
Yes, very similar.
Awesome video Sir!
I think this is a great idea and great advice!
Thanks so much!
Great Tip. I will start using this strategy Thank you.
Awesome! Glad to hear it, Aguila.
Wow! Great strategy!! Thank you so much.
Glad you liked it!
omg so simple, but so brilliant! Great idea!
Anyone heard of the “master password” app? It’s not perfect but it’s a really genius idea. Passwords are not stored, AT ALL. Even if you give away your “master password”, the hacker/attacker still needs to know what name you used (preferably not your real name), the pattern you used to create the password, the algorithm for generating the password and the current iteration counter of that password. This sounds complicated but if you have a system in place on how you generate your password, it really is a brilliant system. The only annoying thing, at least for me, now, is putting a system in place on how I’d know the current counter for each password. Other than that, it’s very nice to use. Hope it helps.
Never heard of it before, Kevin. Seems a bit complicated, though.
What if you have different contradicting rules in different services? E.g. in one service at least 12 chars with special characters and on another service up to 10 and no special characters allowed?
Brilliant, brother!
Hello. Big fan of your security tips!!
Do you have a video reviewing the best antivirus software for PC?
Not yet. Honestly, I don't really use antivirus software much and haven't found one that I like.
interesting! Like adding "salt" to a hash value!
How strong should the added ID be? If someone hacks and has access to all passwords, they can brute force by appending or prepending extra characters.
Excellent idea man!!!
Thanks for such a great share!
My pleasure! Thanks for watching and commenting.
One word : brilliant.
you save lives my friend .. you save lives ... cheers
Haha 😂
@AllThingsSecured I wanted to jump on and use 1Password and apply this method of double-blind password, but when I was about to download the extensions on Chrome and Safari, I noticed less than 3-star reviews on them and almost 90% of users complaining that it doesn't autofill... Have you experienced this? Could use your help here 🙏🏽
You sir are a genius!! Thank you!
Glad to help, Lavolka!
thank you so much, you have such a positive outlook in helping people secure their cyberspace, internet and social media accounts and you are truly the best
Thanks 🙏
Beautiful informative video sir, we all love your information. Thanks Josh (जॅश) {in Marathi} sir
My pleasure!
Wow, this is mind blowing 🤩
wow! great solution, Thanks so much. 🙌
My pleasure 👍🏻
The idea itself is good, but imho just eliminates one of the purposes of a password vault, e.g., taking off the mental load of remembering complex passwords. If you have 50+ logins and you need to associate the same number of ids for the stored "wrong" passwords, then you have the same result: 50+ (I assume unique) ids to remember... In case I misunderstood the concept, then ignore this comment :)
Simply put the same prefix/suffix on all. A complex password is still a complex password, the extra characters will just add the extra security level, it doesn't need to be unique for every password.
This is good for more sensible passwords
What about the non-sensible passwords?
Game changer, genius bro! thanks
👍🏻👍🏻
Brilliant idea! Thank you. 👍👍👍
My pleasure, Martin!
I like this idea. good one! cheers!
Thank you, Mayuresh!
This is genius!!!, thanks a lot!
You're welcome, Maxiumus!
You look like that one hero cop that deals with anything like a pro.
Except now you need something to manage your unique identifiers for those sensitive passwords. Haha. Great idea, even if someone was using autofill through a browser
Agreed. Guards against occasional snooping by friends of friends and such.
YOU ARE GENIUS!!
I wouldn’t go that far, but thank you for the kind words!
I've used a few password managers. What do you do about those, such as LastPass, that prompt you to "update password?" every time you manually change one? Do you just say "no"?
I don’t know about LastPass, but one reason I use 1Password is because they have a feature where you can turn off this prompt to update your password every time.
@AllThingsSecured very good. TBH, I've not looked for that option in any of my password managers.
I like the idea shown in your video. I use something similar when making answers to the verification questions that are often on a website. I have a "root word" that I incorporate at the beginning of the answer to the question. While someone might guess an answer they're not likely to know my root word. I, also, never answer the questions with an associated answer. For example, I don't use my pet's name if it asks for pet's name.
Thanks for your videos!
Love it! Great idea!
I like the unique ID idea better, it's more universal and even so it's just as effective. You'll be trying to remember a lot of last digits, if you're young; have at it 😂 But I'm with the add more perspective. You can use the same unique ID across all your managed passwords, Nice!
Josh, you are awesome. Thank You!!!
My pleasure!
The old and known "envelopes" system with a tweak, good idea.
Is there any safe way to use the convenience of the built-in password manager in Chrome browser? What if I use a 30 character generated password for my Google account and store passwords in Chrome?
Very nice strategy. Thank you.
Glad it was helpful, Wes.
This is just brilliant
Thx, this is brilliant 👌
No problem 👍
That's so simple, but I never would have thought about it. Thanks!!
Glad to hear it, John!
Would you be ok storing your 2FA inside the password manager (such as 1Password) if you have this strategy of extra key in place?
Bruh, you a genius
Great video and method, thank you.
My pleasure.
This is terrific…do you use the SAME UNIQUE ID for all your sensitive accounts?
I can't tell you that until you sign an NDA 😂 Seriously, though, I do use the same unique ID since the beginning part of the password is entirely unique.
Are the unique identifiers you use for all different websites the same?
For me, it's the same. The password will still be unique, though, since the first portion of the password changes with each login.
Thank you for the good idea. The password is stored on Facebook though, right?