A Literature Survey on Making Password Cracking Detectable using Honeywords

Honey word mechanism is used to detect an adversary who attempts to login with cracked passwords. We propose a simple method for improving the security of hashed passwords: the maintenance of additional "honeywords" (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the "honeychecker") can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted. This paper does a survey on how the passwords are stored on the server. This paper also discusses the different password composition policies implemented by different systems. Finally, this paper discusses about various approaches to overcome the challenges in the current authentication systems.