Honeyword system to deter hackers

Next Story

Facebook updates iOS Messenger with quirky stickers

Internet security experts are looking into a new approach to protecting sensitive data. Instead of merely relying on password protection, websites can use “honeyword” passcodes, or dummy passwords that would trigger an alarm if someone is hacking the website’s database or someone’s account.

This proposal follows the hacking of high-profile portals last year wherein user data was compromised. Some of the sites that were hacked include eHarmony, LinkedIn, Twitter, Evernote, LivingSocial and dating site Zoosk.

As these decoy passwords are usually never accessed and are not really owned by actual users, they may be used to transmit an alert to website administrators once they have been hacked.

The proposed measure also complements the use of dummy accounts and was suggested in a research paper entitled “Honeywords: Making Password-Cracking Detectable”. The study was jointly authored by MIT cryptography professor Ronald Rivest and RSA Labs researcher Ari Juels.

This security measure requires multiple passwords for each individual account, but only one is the actual password. If someone uses one of the dummy passwords, a “honeychecker” system housed on a separate computer would issue a warning to the website’s administrators.

“This approach is not terribly deep, but it should be quite effective, as it puts the adversary at risk of being detected with every attempted login using a password obtained by cracking. Thus, honeywords can provide a very useful layer of defence,” said the researchers.

Administrators could also tweak how the system will respond to an ongoing hack, including suspending a particular account or tracing the location of the hacker.


AT24C256 Serial EEPROM I2C Interface EEPROM Data Storage Module Arduino PIC NEW picture
AT24C256 Serial EEPROM I2C Interface EEPROM Data Storage Module Arduino PIC NEW
NEW (25) ATMEL IC PARALLEL EEPROM 64KBIT 150NS 28SOIC AT28C64B-15SU picture
NEW (25) ATMEL IC PARALLEL EEPROM 64KBIT 150NS 28SOIC AT28C64B-15SU
Mitsubishi FX-EEPROM-4 Memory Module PLC JA5 picture
Mitsubishi FX-EEPROM-4 Memory Module PLC JA5
10 PCS AT24C01A-10PU-2.7 DIP-8 24C01A PU27 AT24C01 24C01 2-Wire Serial EEPROM picture
10 PCS AT24C01A-10PU-2.7 DIP-8 24C01A PU27 AT24C01 24C01 2-Wire Serial EEPROM
2 PCS PIC16F84A-04I/SO SOP-18 PIC16F84 16F84 Flash/EEPROM 8-Bit Microcontrollers picture
2 PCS PIC16F84A-04I/SO SOP-18 PIC16F84 16F84 Flash/EEPROM 8-Bit Microcontrollers