Honeyword system to deter hackers


Internet security experts are looking into a new approach to protecting sensitive data. Instead of merely relying on password protection, websites can use “honeyword” passcodes, or dummy passwords that would trigger an alarm if someone is hacking the website’s database or someone’s account.

This proposal follows the hacking of high-profile portals last year wherein user data was compromised. Some of the sites that were hacked include eHarmony, LinkedIn, Twitter, Evernote, LivingSocial and dating site Zoosk.

Because these decoy passwords do not belong to any actual user and are normally never used, an attempt to use one can trigger an alert to website administrators that the site has been hacked.

The proposed measure also complements the use of dummy accounts and was suggested in a research paper entitled “Honeywords: Making Password-Cracking Detectable”. The study was jointly authored by MIT cryptography professor Ronald Rivest and RSA Labs researcher Ari Juels.

This security measure requires multiple passwords for each individual account, but only one is the actual password. If someone uses one of the dummy passwords, a “honeychecker” system housed on a separate computer would issue a warning to the website’s administrators.

“This approach is not terribly deep, but it should be quite effective, as it puts the adversary at risk of being detected with every attempted login using a password obtained by cracking. Thus, honeywords can provide a very useful layer of defence,” said the researchers.

Administrators could also tweak how the system will respond to an ongoing hack, including suspending a particular account or tracing the location of the hacker.
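The honeychecker arrangement described above, sketched as an added example that is not code from the research paper or from this article. The class names, the sample passwords and the PBKDF2 hashing are assumptions, and the decoys are supplied by hand rather than generated.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HoneyChecker:
    """Stands in for the separate computer: it knows only which index is real."""
    def __init__(self):
        self._real_index = {}
        self.alerts = []          # users for whom a decoy password was submitted

    def register(self, user: str, index: int) -> None:
        self._real_index[user] = index

    def check(self, user: str, index: int) -> bool:
        if self._real_index.get(user) == index:
            return True
        self.alerts.append(user)  # a honeyword was used: warn the administrators
        return False

class LoginServer:
    """Stores several password hashes per account and cannot tell which is real."""
    def __init__(self, checker: HoneyChecker):
        self.checker = checker
        self.table = {}           # user -> (salt, [hash, hash, ...])

    def enroll(self, user: str, real: str, decoys: list) -> None:
        words = list(decoys) + [real]          # decoys must differ from the real one
        secrets.SystemRandom().shuffle(words)  # hide the real password's position
        salt = os.urandom(16)
        self.table[user] = (salt, [_hash(w, salt) for w in words])
        self.checker.register(user, words.index(real))

    def login(self, user: str, attempt: str) -> str:
        if user not in self.table:
            return "denied"
        salt, hashes = self.table[user]
        candidate = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                return "ok" if self.checker.check(user, i) else "alarm"
        return "denied"           # an ordinary wrong password raises no alarm

def demo():
    checker = HoneyChecker()
    server = LoginServer(checker)
    # Constructed sample account: one real password and three hand-made decoys.
    server.enroll("alice", "tulip-Cart-92",
                  ["tulip-Cart-29", "tulip-Card-92", "tulpi-Cart-92"])
    tries = ("tulip-Cart-92", "tulip-Card-92", "wrong-guess")
    return [server.login("alice", p) for p in tries], checker.alerts
```

Someone who steals the login server's table sees four equally plausible hashes for the account, and submitting any of the three decoys is reported by the honeychecker.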

