The Impact of Exposed Passwords on Honeyword Efficacy. (arXiv:2309.10323v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Honeywords are decoy passwords that can be added to a credential database; if
a login attempt uses a honeyword, this indicates that the site's credential
database has been leaked. In this paper we explore the basic requirements for
honeywords to be effective, in a threat model where the attacker knows
passwords for the same users at other sites. First, we show that for
user-chosen (vs. algorithmically generated, i.e., by a password manager)
passwords, existing honeyword-generation algorithms largely fail to achieve …
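
The detection rule described in the abstract (a login that matches a decoy signals a leaked credential database), as an added Python example; it is not code from the paper. The separately held index of the real password, the PBKDF2 cost, the `HoneywordStore` class and its method names, and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets


def _kdf(salt: bytes, word: str) -> bytes:
    # PBKDF2 cost is an illustrative assumption, not a value from the paper.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)


class HoneywordStore:
    """Hypothetical store: each user has one real password hidden among honeywords."""

    def __init__(self):
        # What an attacker obtains if the credential database leaks.
        self.sweetwords = {}   # user -> (salt, [hash, ...])
        # Assumption: the index of the real password is kept on a separate system.
        self.real_index = {}   # user -> int

    def enroll(self, user, password, honeywords):
        if password in honeywords or len(set(honeywords)) != len(honeywords):
            raise ValueError("honeywords must be distinct and differ from the password")
        words = [password, *honeywords]
        secrets.SystemRandom().shuffle(words)  # position must not reveal the real one
        salt = os.urandom(16)
        self.sweetwords[user] = (salt, [_kdf(salt, w) for w in words])
        self.real_index[user] = words.index(password)

    def login(self, user, attempt):
        """Return 'ok', 'fail', or 'breach-alarm' (a honeyword was submitted)."""
        if user not in self.sweetwords:
            return "fail"
        salt, hashes = self.sweetwords[user]
        digest = _kdf(salt, attempt)
        hits = [i for i, h in enumerate(hashes) if hmac.compare_digest(h, digest)]
        if not hits:
            return "fail"
        return "ok" if hits[0] == self.real_index[user] else "breach-alarm"


def demo():
    store = HoneywordStore()
    # Constructed sample credentials.
    store.enroll("alice", "tulip-Harbor-42",
                 ["tulip-Harbor-24", "tulip-Harbour-42", "Tulip-harbor-41"])
    attempts = ("tulip-Harbor-42", "tulip-Harbour-42", "not-in-list")
    return [store.login("alice", p) for p in attempts]
```

A `breach-alarm` result is the signal to treat the credential database as compromised, not merely to reject the login.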