Fake Passwords Send Alerts When Hackers Try To Access Accounts

Get notified when someone breaches your account with this new security measure.

Ross Brooks on May 8, 2013. @greenidealism

Security experts have put forward the idea of “honeywords” – fake passwords that if used by a hacker while trying to gain access to someone’s account, would trigger an alarm.

This particular idea stems from a common practice amongst companies of creating “honeypot” accounts: fake user accounts which don’t belong to anyone but which, when accessed, send an alert to the company, letting it know that an attempted hack is underway.

The new measure would mean each account has a file that stores multiple cryptographically hashed passwords. If a hacker manages to crack these hashes, they would still have no way of determining which password is the real one. When they try to enter one of the fake passwords, a “honeychecker” would alert administrators of the hack attempt.
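The scheme described above, as an added example in Python (not code from the researchers or from the original article). It assumes the honeychecker is a separate component that knows only which stored slot holds the real password; the class names, the PBKDF2 settings and the sample passwords are all constructed for illustration.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def slow_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class HoneyChecker:
    """Assumed separate service: stores only the slot of the real password."""
    def __init__(self):
        self._real_slot = {}
        self.alerts = []          # (user, slot) pairs reported to administrators

    def enroll(self, user: str, slot: int) -> None:
        self._real_slot[user] = slot

    def check(self, user: str, slot: int) -> bool:
        if self._real_slot.get(user) == slot:
            return True
        self.alerts.append((user, slot))  # a fake password was submitted
        return False

class LoginServer:
    def __init__(self, checker: HoneyChecker):
        self.checker = checker
        self.password_file = {}   # user -> (salt, [hash, hash, ...])

    def register(self, user: str, real_password: str, honeywords: list) -> None:
        if real_password in honeywords or len(set(honeywords)) != len(honeywords):
            raise ValueError("real password and honeywords must all differ")
        words = honeywords + [real_password]
        secrets.SystemRandom().shuffle(words)  # the file gives no hint which is real
        salt = os.urandom(16)
        self.password_file[user] = (salt, [slow_hash(w, salt) for w in words])
        self.checker.enroll(user, words.index(real_password))

    def login(self, user: str, attempt: str) -> str:
        if user not in self.password_file:
            return "wrong-password"
        salt, hashes = self.password_file[user]
        candidate = slow_hash(attempt, salt)
        for slot, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                return "ok" if self.checker.check(user, slot) else "honeyword-alert"
        return "wrong-password"   # an ordinary typo raises no alarm

if __name__ == "__main__":
    server = LoginServer(HoneyChecker())
    server.register("alice", "real-pw", ["decoy-1", "decoy-2", "decoy-3"])
    print(server.login("alice", "decoy-2"), server.checker.alerts)
```

Only a password that matches one of the stored fake hashes raises the alarm, so a mistyped password is treated as a normal failed login.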


Depending on the preferences of the company, this could temporarily suspend the user’s account until they reset their password, or it could allow the hacker access to a “fake honeypot” in which their behaviour and activities are tracked.


There are some drawbacks, such as a hacker deliberately setting off the alarm for a huge number of attacks, denying users access to their accounts in the process, but these are minimal when looked at alongside the advantages.
