Security Experts Propose New “Honeyword” System to Combat Password Breaches
Using decoy passwords as alarm triggers may help to deter thieves from hacking into accounts.
In the ongoing struggle against hackers, security experts have proposed a new way to better secure websites that hold sensitive password information. It is called a “honeyword”: a false password that, when entered, triggers an alarm for that account. This technique builds on the “honeypot” dummy account system.
The new system will utilize individual files containing hashed passwords for each account. Instead of containing only one password for each account, these files will hold several, of which only one is valid. Say a cracked file contains 20 different passwords for one account. If a hacker attempts to log in to the account using one of the dummy passwords, a “honeychecker” will issue an alert to administrators.
“The trick is to make the remaining 19 passwords look as good as the actual password,” says Matt Green, a professor specializing in cryptography at Johns Hopkins University.
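The scheme described above, sketched as an added example (not code from the article or from the researchers): the login server keeps several hashes per account, and a separate honeychecker knows only which position is the real one. The class names, the single per-account salt, PBKDF2 and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import random

def slow_hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hash the site already uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class HoneyChecker:
    """Separate service: knows only which position is real, never a password."""
    def __init__(self):
        self._real_index = {}
        self.alerts = []          # stand-in for paging the administrators

    def set_index(self, user: str, index: int) -> None:
        self._real_index[user] = index

    def check(self, user: str, index: int) -> bool:
        if self._real_index.get(user) == index:
            return True
        self.alerts.append(user)  # a decoy was submitted: the hash file leaked
        return False

class LoginServer:
    """Holds the password file: one salt and several hashes per account."""
    def __init__(self, checker: HoneyChecker):
        self.checker = checker
        self.password_file = {}

    def register(self, user: str, password: str, decoys: list) -> None:
        words = list(decoys) + [password]
        random.SystemRandom().shuffle(words)   # real entry lands at a random slot
        salt = os.urandom(16)
        self.password_file[user] = (salt, [slow_hash(w, salt) for w in words])
        self.checker.set_index(user, words.index(password))

    def login(self, user: str, attempt: str) -> str:
        salt, hashes = self.password_file[user]
        digest = slow_hash(attempt, salt)
        for index, stored in enumerate(hashes):
            if hmac.compare_digest(digest, stored):
                return "ok" if self.checker.check(user, index) else "alarm"
        return "wrong"            # ordinary typo: no match, no alarm

if __name__ == "__main__":
    checker = HoneyChecker()
    server = LoginServer(checker)
    # Constructed sample values; decoys must be distinct from the real password.
    server.register("alice", "tulip-Harbor-42",
                    ["maple-Harbor-17", "tulip-Garden-58", "cedar-Bridge-90"])
    for attempt in ("tulip-Harbor-42", "maple-Harbor-17", "not-in-file"):
        print(attempt, "->", server.login("alice", attempt))
```

Someone who steals only the password file cannot tell which of the stored hashes is the real one, because that index lives in the honeychecker.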
Original article by Dan Goodin.