Journal of Network Security

We proposed a most accurate and best method for improving the security of hashed passwords by providing of additional “honeywords” (false passwords) associated with each user’s account. An adversary who wants to steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. An auxiliary server (the “Honeychecker”) can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is use. we suggest an alternative approach that select the honeywords(fake pass) from existing user password in the system in order to provide realistic honeywords, a perfectly flat honeyword generation method and also to reduce the storage cost.

Keywords: Authentication, honeypot, honeywords, login, passwords, password cracking