bsbsjsusj | 1 year ago
I am not sure what the threat vector is that makes this more secure than hashing a password in a single database.
With hashing, the server doesn't know your password. If you picked a poor password, a hacker with the hash could guess it, I suppose, but you can mitigate against that.
Also, if someone can hack into server A, however they did that is likely to work for B unless they are managed on different clouds by different teams and share no common code or prod access.
ahilanv | 1 year ago
Why FortiLock Is Different:

Password Splitting:
The major difference with FortiLock is that instead of hashing and storing the entire password in one place, we split the password across two independent servers (Server A and Server B). Each server holds only a part of the password, which is hashed separately, so even if one server is compromised, the data is useless without access to the other.

Decentralization:
You're absolutely right that if the same vulnerability exists across both servers, the attacker could potentially compromise both. However, FortiLock mitigates this by splitting the infrastructure, often across different environments (or clouds), making it significantly harder for an attacker to breach both. Additionally, Server C handles email and levelpoints, further decentralizing the critical elements needed for a complete attack. So even if someone gets into Server A, without Server B and Server C, they still can't reconstruct the full credentials.

Threat Vectors:
The common attack vector with traditional hashed password systems is that once the server is breached, the attacker may gain access to the full hashed password. With enough resources, they can try brute-force or rainbow table attacks. By splitting the hashed password into two pieces, FortiLock makes it much harder for an attacker to do this, as they'd need to compromise multiple systems and reconstruct the password from two independently hashed pieces.

Beyond Poor Passwords:
You're right that even with hashing, weak passwords are still vulnerable. FortiLock reduces this risk with its additional layer, the PinK System, which introduces a dynamic, monthly code that even a stolen password can't bypass. It's not just about having the password; it's about passing several independent checks.

Why Not Just a Single Server with Hashing?
You're correct that in traditional systems, a hashed password on a single server offers decent security, especially with salting. But FortiLock isn't trying to replace hashing; we still hash the password. The key here is mitigating risk by:
Splitting the attack surface: No one server holds enough data to crack the password.
Adding multi-step verification: With the PinK System, an additional layer of dynamic security ensures that even if a password is compromised, it's not enough to access the account.

Can FortiLock Be Hacked?
No system is 100% immune, and I totally agree with you: everything is hackable to some extent. What FortiLock aims to do is make the attack surface so complex and decentralized that it becomes far harder and costlier for an attacker to succeed.
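To make the password-splitting step concrete, here is an added example. It is not FortiLock's code and not code posted in this thread; it models the scheme as the comment above describes it: the password is cut in two, each part is salted and hashed independently, and the two records are meant to live on different servers. It also includes an offline guesser that runs against a single record and a count of the guess space the split leaves. The store names, the midpoint halving rule, PBKDF2-HMAC-SHA256 as the hash, the 36-symbol alphabet and the sample password are all assumptions made for the example.

```python
import hashlib
import hmac
import itertools
import os
import string
from typing import Dict, Optional, Tuple

# Constructed model of the two-store password-splitting scheme described in the
# comment above. Hypothetical code, not FortiLock's: the store names, the rule
# that the password is halved at its midpoint, the use of PBKDF2-HMAC-SHA256 and
# the sample password are all assumptions made for this example.

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, assumed charset


def split_password(password: str) -> Tuple[str, str]:
    """Cut the password into the two parts that go to Server A and Server B."""
    mid = len(password) // 2
    return password[:mid], password[mid:]


def hash_part(part: str, salt: bytes, iterations: int = 1000) -> bytes:
    """Salted, iterated hash of one part; each store hashes its part on its own."""
    return hashlib.pbkdf2_hmac("sha256", part.encode("utf-8"), salt, iterations)


def enroll(password: str) -> Dict[str, Dict[str, bytes]]:
    """Produce the two records; each is meant to be kept on a different server."""
    part_a, part_b = split_password(password)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {
        "server_a": {"salt": salt_a, "hash": hash_part(part_a, salt_a)},
        "server_b": {"salt": salt_b, "hash": hash_part(part_b, salt_b)},
    }


def verify(password: str, records: Dict[str, Dict[str, bytes]]) -> bool:
    """Login check: both parts must match their own store's record."""
    part_a, part_b = split_password(password)
    ok_a = hmac.compare_digest(
        hash_part(part_a, records["server_a"]["salt"]), records["server_a"]["hash"])
    ok_b = hmac.compare_digest(
        hash_part(part_b, records["server_b"]["salt"]), records["server_b"]["hash"])
    return ok_a and ok_b


def crack_store(record: Dict[str, bytes], alphabet: str = ALPHABET,
                max_len: int = 2) -> Optional[str]:
    """Offline guessing against ONE store's record.

    Because each part is hashed independently, a copy of a single record is
    enough to test guesses for that part; the other server plays no role here.
    """
    for length in range(1, max_len + 1):
        for candidate in itertools.product(alphabet, repeat=length):
            guess = "".join(candidate)
            if hmac.compare_digest(hash_part(guess, record["salt"]), record["hash"]):
                return guess
    return None


def whole_search_space(alphabet_size: int, length: int) -> int:
    """Guesses needed to exhaust a single hash of the whole password."""
    return alphabet_size ** length


def split_search_space(alphabet_size: int, length: int) -> int:
    """Guesses needed to exhaust both records when each part is attacked separately.

    The two parts are independent problems, so their costs add rather than multiply.
    """
    len_a = length // 2
    len_b = length - len_a
    return alphabet_size ** len_a + alphabet_size ** len_b


if __name__ == "__main__":
    records = enroll("ab12")  # constructed sample password
    print("verify:", verify("ab12", records), verify("ab13", records))
    print("server_a part recovered from its record alone:", crack_store(records["server_a"]))
    print("server_b part recovered from its record alone:", crack_store(records["server_b"]))
    print("8 chars over 36 symbols: whole =", whole_search_space(36, 8),
          "split =", split_search_space(36, 8))
```

Running it shows that a copy of one store's record is enough for crack_store to recover that store's part, without touching the other server. The two counts give the arithmetic: for an 8-character password over a 36-symbol alphabet, an attacker holding both records tests at most 2 * 36^4 (about 3.4 million) guesses against the parts, versus 36^8 (about 2.8 trillion) against a single hash of the whole string. Whether one compromised server is "useless" therefore depends on how much entropy each part carries on its own, which is the point bsbsjsusj's question is probing.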
purple-leafy | 1 year ago
It sounds like you've come up with this idea via ChatGPT or another LLM, and you won't take any legitimate criticisms. All your responses sound like talking to ChatGPT.
I'd advise not to lean on ChatGPT. It's cutting corners. Learn deep, read material online.