Achieving Security using Honeyword

An expose of the password file is a serious security problem. The research shows that system uses encrypted form to store the original password. Jewels and Rivest proposed “Honeyword” to detect attacks against the hashed password database. Authorized password is stored with several honeywords for every user. The attacker who has stolen hash password file cannot be sure whether it is the real password or a Honeyword for an account, even if honeyword is selected properly. Entering a Honeyword to login will notify the administrator by sending the message about the breach of the password file. As the admin receives the message of the breach, the IP gets blocked for a particular time and also tries to find the location of the IP address. For the generation and encryption of the Honeyword, two encryption techniques are used such as the Salt method for encryption and “sha256” algorithm. Although the approach selects the honeywords from existing user passwords in the system.