Abstract

We propose a method for protecting hashed passwords using non-realistic honeywords (decoy passwords). The method remains effective even if the password file is disclosed. Recently, Imran Erguler proposed a flat honeyword generation method that selects honeywords from the existing user passwords in the system, so that the decoys are realistic and confuse whoever steals the file. Considering the ethics of using another person's credentials, we instead accept graphical passwords (images), take a string from the textual form of the image as the password, and store it with a set of unrealistic honeywords with the necessary encryption. An attacker who steals the hashed password file therefore cannot distinguish the real password from the honeywords for any account, since every password appears unrealistic. Moreover, using a honeyword to log in triggers an alarm that notifies the system administrator of the password file disclosure.
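The following sketch illustrates the flow the abstract describes: enrolment from an image, storage among unrealistic decoys, and the alarm on honeyword use. It is an added example, not code from the paper. Assumptions: base64 as the image's textual form, a fixed offset and length for the extracted string, PBKDF2 for hashing, and an index of the real entry held on a separate system.

```python
import base64, hashlib, hmac, secrets

K = 6        # sweetwords stored per account (assumed)
PW_LEN = 16  # characters taken from the image's text form (assumed)

def password_from_image(image_bytes, offset):
    """Take a string from the textual (here: base64) form of the image."""
    return base64.b64encode(image_bytes).decode()[offset:offset + PW_LEN]

def random_honeyword():
    """Unrealistic decoy: random string, same alphabet and length as above."""
    return base64.b64encode(secrets.token_bytes(PW_LEN)).decode()[:PW_LEN]

def hash_word(word, salt):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

def enroll(image_bytes, offset, honeywords=None):
    """Return (password-file record, index of the real password).

    The index is an assumption of this sketch: it must live on a separate
    system, otherwise the stolen file would reveal the real entry.
    """
    words = list(honeywords) if honeywords else [random_honeyword() for _ in range(K - 1)]
    real_index = secrets.randbelow(len(words) + 1)
    words.insert(real_index, password_from_image(image_bytes, offset))
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hashes": [hash_word(w, salt) for w in words]}, real_index

def login(record, real_index, submitted):
    """'ok' for the real password, 'alarm' for a honeyword, 'fail' otherwise."""
    h = hash_word(submitted, record["salt"])
    for i, stored in enumerate(record["hashes"]):
        if hmac.compare_digest(h, stored):
            return "ok" if i == real_index else "alarm"
    return "fail"

if __name__ == "__main__":
    image = bytes(range(256)) * 4   # constructed stand-in for an image file
    record, idx = enroll(image, offset=40)
    print(login(record, idx, password_from_image(image, 40)))
    print(login(record, idx, "wrong-guess"))
```

An "alarm" result is the signal that the password file has leaked, since a honeyword is only learnable from the stored hashes.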
