Honeywords Generation Method for Passwords based on User Behaviours

The Honeywords are selected deliberately, such that a cyber-attacker who steals a file of hashed passwords cannot be sure, if it is the real password or a Honeywords for any account. Moreover, entering with a Honeywords to login will trigger an alarm notifying the administrator about a password file breach. At the expense of increasing the storage requirement by 24 times, the authors introduce a simple and effective solution to the detection of password file disclosure events. In this study, it scrutinizes the Honeywords system and highlight possible weak points. Also, it suggest an alternative approach that selects the Honeywords from existing user information, a generic password list, dictionary attack, and by shuffling the characters. Four sets of Honeywords are added to the system that resembles the real passwords, thereby achieving an extremely flat Honeywords generation method. To measure the human behaviors in relation to trying to crack the password, a tested engaged with by 820 people was created to determine the appropriate words for the traditional and proposed methods.