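% Juels and Rivest, "Honeywords: Making Password-Cracking Detectable", ACM CCS 2013.
% The field name "asbtract" was a typo and is corrected to "abstract" below.
% Padding spaces inside the field braces are trimmed, notably in doi.
% NOTE(review): "urla" is given twice. Classic BibTeX ignores a repeated field
% with a warning, so only one of the two labels can survive parsing.
% The second label presumably belongs in a separate field; confirm against the
% tool that reads urla before renaming it. Both are kept in original order.
% OPTyear and OPTmonth are not field names the standard styles read;
% the date field carries the publication date.
@inproceedings{JR13,
  author     = {Juels, Ari and Rivest, Ronald L.},
  title      = {Honeywords: Making Password-Cracking Detectable},
  booktitle  = {Proc. ACM CCS'13},
  publisher  = {ACM},
  location   = {Berlin, Germany},
  date       = {2013-11-04},
  eventtitle = {CCS'13},
  eventdate  = {2013-11-04/2013-11-08},
  venue      = {Berlin, Germany},
  pages      = {145--159},
  doi        = {10.1145/2508859.2516671},
  acm        = {6966399},
  urla       = {CCS'13},
  urla       = {Honeywords-Project-Page},
  OPTyear    = {2013},
  OPTmonth   = {Nov. 4,},
  abstract   = {We suggest a simple method for improving the security of hashed
                passwords: the maintenance of additional honeywords (false
                passwords) associated with each user's account. An adversary who
                steals a file of hashed passwords and inverts the hash function
                cannot tell if he has found the password or a honeyword. The
                attempted use of a honeyword for login sets off an alarm. An
                auxiliary server (the honeychecker) can distinguish the user
                password from honeywords for the login routine, and will set off
                an alarm if a honeyword is submitted.},
}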