@inproceedings{JR13,
author = { Ari Juels and Ronald L. Rivest },
title = { Honeywords: Making Password-Cracking Detectable },
doi = { 10.1145/2508859.2516671 },
acm = { 6966399 },
urla = { CCS'13 },
booktitle = { Proc. ACM CCS'13 },
publisher = { ACM },
location = { Berlin, Germany },
date = { 2013-11-04 },
eventtitle = { CCS'13 },
eventdate = { 2013-11-04/2013-11-08 },
venue = { Berlin, Germany },
OPTyear = { 2013 },
OPTmonth = { Nov. 4, },
pages = { 145--159 },
urla = { Honeywords-Project-Page },
asbtract = { We suggest a simple method for improving the security
of hashed passwords: the maintenance of additional
honeywords (false passwords) associated with each
user's account. An adversary who steals a file of
hashed passwords and inverts the hash function
cannot tell if he has found the password or a
honeyword. The attempted use of a honeyword for
login sets off an alarm. An auxiliary server (the
honeychecker) can distinguish the user password from
honeywords for the login routine, and will set off
an alarm if a honeyword is submitted. },
}