Honeywords: making password-cracking detectable

• dc.contributor.author: Juels, Ari
• dc.contributor.author: Rivest, Ronald L.
• dc.date.issued: 2013-11
• dc.identifier.isbn: 9781450324779
• dc.identifier.uri: http://hdl.handle.net/1721.1/90627
• dc.description.abstract: We propose a simple method for improving the security of hashed passwords: the maintenance of additional ``honeywords'' (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the ``honeychecker'') can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
• dc.language.iso: en_US
• dc.publisher: Association for Computing Machinery (ACM)
• dc.relation.isversionof: http://dx.doi.org/10.1145/2508859.2516671
• dc.source: MIT web domain
• dc.type: Article
• dc.identifier.citation: Ari Juels and Ronald L. Rivest. 2013. Honeywords: making password-cracking detectable. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13). ACM, New York, NY, USA, 145-160.
• dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.contributor.mitauthor: Rivest, Ronald L.
• dc.relation.journal: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13)
• dc.eprint.version: Original manuscript
• dc.identifier.orcid: https://orcid.org/0000-0002-7105-3690