Slashdot Mirror

← Back to Stories (view on slashdot.org)

Honeywords — Honeypot Passwords

Posted by Soulskill on from the oh-bother dept.

CowboyRobot writes "Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information. That's the thinking behind the 'honeywords' concept first proposed this month in 'Honeywords: Making Password-Cracking Detectable (PDF),' a paper written by Ari Juels, chief scientist at security firm RSA, and MIT professor Ronald L. Rivest (the 'R' in 'RSA'). Honeywords aren't meant to serve as a replacement for good password security practices. But as numerous breaches continue to demonstrate, regardless of the security that businesses have put in place, they often fail to detect when users' passwords have been compromised."

1 of 110 comments (clear)

  1. Re:How does this work? by zindorsky · · Score: 5, Informative

    When you use one of the fake ID and passwords to try to log in. That will set off an alarm in the system that someone has stolen the database. Think about it - it's really quite clever.

    --
    If the geiger counter does not click, the coffee, she is not thick.