Thanks for your insights! I just wanted to clarify a few points about how the system works, as I think there may have been some misunderstanding.

Everything in FortLock is decentralized:

Server A and Server B store hashed parts of the password, not the password itself, and they’re tied together via the Levelpoint stored on Server C. No single server has access to enough information to reconstruct the full password. The Levelpoint is an additional layer of security, ensuring that even if one server is compromised, it’s useless without the other two. We’ve also implemented several precautionary steps across these servers to ensure security, including encryption and independent infrastructures for each. The intention behind using this decentralized approach was to reduce the risk of having a single point of failure. I understand that there are other state-of-the-art methods like public key cryptography and hardware enclaves, and I’m exploring those further as I continue developing this system.

I really appreciate your feedback—it helps me refine my approach and stay grounded in what's proven. I’ll definitely take this into account as I work to improve FortLock.

Thanks again for taking the time to comment!

Best,

Thank you for your feedback, and I completely understand your concerns. The term "unhackable" can definitely raise skepticism, and I agree—nothing is completely immune to threats in cybersecurity. However, let me clarify what we mean by FortiLock's approach and how it differs from traditional single-database systems with hashed passwords.

Why FortiLock Is Different: Password Splitting:

The major difference with FortiLock is that instead of hashing and storing the entire password in one place, we split the password across two independent servers (Server A and Server B). Each server holds only a part of the password, which is hashed separately, so even if one server is compromised, the data is useless without access to the other. Decentralization:

You’re absolutely right that if the same vulnerability exists across both servers, the attacker could potentially compromise both. However, FortiLock mitigates this by splitting the infrastructure, often across different environments (or clouds), making it significantly harder for an attacker to breach both. Additionally, Server C handles email and levelpoints, further decentralizing the critical elements needed for a complete attack. So even if someone gets into Server A, without Server B and Server C, they still can’t reconstruct the full credentials. Threat Vectors:

The common attack vector with traditional hashed password systems is that once the server is breached, the attacker may gain access to the full hashed password. With enough resources, they can try brute-force or rainbow table attacks. By splitting the hashed password into two pieces, FortiLock makes it much harder for an attacker to do this, as they'd need to compromise multiple systems and reconstruct the password from two independently hashed pieces. Beyond Poor Passwords:

You're right that even with hashing, weak passwords are still vulnerable. FortiLock reduces this risk with its additional layer, the PinK System, which introduces a dynamic, monthly code that even a stolen password can’t bypass. It’s not just about having the password; it’s about passing several independent checks. Why Not Just a Single Server with Hashing? You're correct that in traditional systems, a hashed password on a single server offers decent security, especially with salting. But FortiLock isn't trying to replace hashing—we still hash the password. The key here is mitigating risk by:

Splitting the attack surface: No one server holds enough data to crack the password. Adding multi-step verification: With the PinK System, an additional layer of dynamic security ensures that even if a password is compromised, it’s not enough to access the account. Can FortiLock Be Hacked? No system is 100% immune, and I totally agree with you—everything is hackable to some extent. What FortiLock aims to do is make the attack surface so complex and decentralized that it becomes far harder and costlier for an attacker to succeed.

What Makes FortiLock Different from MFA? You’re right that FortiLock has some similarities to MFA (Multi-Factor Authentication), especially with the PinK system, where a code is sent to your email. However, the big difference with FortiLock is the way your password is stored and verified.

In a traditional system, your entire password (hashed) is stored on one server. If that server gets hacked, the attacker can get the entire hashed password and might eventually crack it, especially if the password is weak.

FortiLock takes a different approach by splitting the password across multiple servers:

Server A stores the first part of your password (say, the first 5 characters). Server B stores the second part of your password (the rest of it). Server C handles your email and something called a levelpoint, which links everything together. Why Splitting the Password Matters: Think of it like this: Imagine you wrote half of your password on a piece of paper and locked it in one safe (Server A), and the other half in a different safe (Server B). To get the full password, someone would need to break into both safes. Even if they get into one safe, the half password is useless without the other part.

In traditional systems, there’s only one safe to protect, but in FortiLock, there are two separate safes (servers) to crack, making it much harder.

Can It Be Hacked if Someone Gets the Email Code? The short answer is: It’s very difficult, because they wouldn’t just need your email code (the PinK code). Even if a hacker somehow got that code, they would still need:

Access to both servers that store your split password parts. The correct levelpoint from Server C to tie it all together. So even with the email code, without those other parts, the hacker is stuck.

Why Splitting Helps (In Simple Terms): Think of your password like a puzzle. If you only have half the pieces, the puzzle is useless. In traditional systems, the hacker can break into one server and steal the whole puzzle. In FortiLock, the puzzle is split into two separate places. So even if the hacker breaks into one place, they don’t have enough pieces to do anything with it. To Sum It Up: FortiLock isn’t just like MFA—it’s about making it much harder for hackers to get to your password in the first place, by splitting it and spreading it out across multiple places. Even if someone gets your email code, they still don’t have enough pieces of the puzzle to break in.

and the tarnished security of those products

Thank you for your info

Thank you i never thought about it

Sounds like an attack vector