The Impact of Exposed Passwords on Honeyword Efficacy

arXiv:2309.10323v3 Announce Type: replace
Abstract: Honeywords are decoy passwords that can be added to a credential database; if a login attempt uses a honeyword, this indicates that the site's credential database has been leaked. In this paper we explore the basic requirements for honeywords to be effective, in a threat model where the attacker knows passwords for the same users at other sites. First, we show that for user-chosen (vs. algorithmically generated, i.e., by a password manager) passwords, existing honeyword-generation …

arxiv basic can credential cs.cr database decoy exposed impact leaked login passwords requirements threat threat model