Wednesday, May 8, 2013

Honeywords

Researchers have proposed that files containing encrypted passwords should include several false encrypted passwords (known as "honeywords") along with the real encrypted password. These should be indistinguishable to someone who has been able to access the file.

When one of the false passwords is entered, it would alert administrators that an attack is underway.

A similar security measure, using bogus accounts (known as "honeypot accounts"), alerts administrators when someone is trying to log into them.

No comments: