Honeyword system to deter hackers

Next Story

Facebook updates iOS Messenger with quirky stickers

Internet security experts are looking into a new approach to protecting sensitive data. Instead of merely relying on password protection, websites can use “honeyword” passcodes, or dummy passwords that would trigger an alarm if someone is hacking the website’s database or someone’s account.

This proposal follows the hacking of high-profile portals last year wherein user data was compromised. Some of the sites that were hacked include eHarmony, LinkedIn, Twitter, Evernote, LivingSocial and dating site Zoosk.

As these decoy passwords are usually never accessed and are not really owned by actual users, they may be used to transmit an alert to website administrators once they have been hacked.

The proposed measure also complements the use of dummy accounts and was suggested in a research paper entitled “Honeywords: Making Password-Cracking Detectable”. The study was jointly authored by MIT cryptography professor Ronald Rivest and RSA Labs researcher Ari Juels.

This security measure requires multiple passwords for each individual account, but only one is the actual password. If someone uses one of the dummy passwords, a “honeychecker” system housed on a separate computer would issue a warning to the website’s administrators.

“This approach is not terribly deep, but it should be quite effective, as it puts the adversary at risk of being detected with every attempted login using a password obtained by cracking. Thus, honeywords can provide a very useful layer of defence,” said the researchers.

Administrators could also tweak how the system will respond to an ongoing hack, including suspending a particular account or tracing the location of the hacker.


USED Motherboard For DA431061-0738L-AM3-7810G DDR3  AM3 - For Parts picture
USED Motherboard For DA431061-0738L-AM3-7810G DDR3 AM3 - For Parts
Otis ABA610ALR1 / ABA26800ALR Elevator Mother Board picture
Otis ABA610ALR1 / ABA26800ALR Elevator Mother Board
GE CPE80.P5 Motherboard Extension 195902 For Voluson 730 Ultrasound System picture
GE CPE80.P5 Motherboard Extension 195902 For Voluson 730 Ultrasound System
Anovo MI-965GM Intel Socket-P Embedded Mini-ITX Industrial Motherboard picture
Anovo MI-965GM Intel Socket-P Embedded Mini-ITX Industrial Motherboard
Electroglas 249914 Motherboard Power/DAR PCB Printed Circuit Board Assembly picture
Electroglas 249914 Motherboard Power/DAR PCB Printed Circuit Board Assembly