In order to gain access to protected resources, users are often required to enter static passwords to prove their identity. Different applications, accounts or other types of protected resources associated with a given user may each require entry of a distinct alphanumeric password, so that the user must remember multiple such passwords in order to access the corresponding resources. This is not only unduly burdensome for the user, but can also undermine security, since the user will often write down the passwords or otherwise make them vulnerable to inadvertent disclosure.
Various password-hardening systems are known that attempt to alleviate this situation. For example, it is possible for a user to store multiple passwords in encrypted form in a so-called password “vault” that is protected by a master password. Nonetheless, such password-hardening systems can remain susceptible to attack. In the case of a password vault, compromise of the master password gives the attacker immediate access to multiple valid passwords stored in the vault. Similar issues arise in hashed password files and other arrangements involving storage of multiple valid passwords.
A. Juels and R. L. Rivest, “Honeywords: Making Password-Cracking Detectable,” ACM CCS, 145-60 (2013) (hereinafter, “Juels and Rivest”), incorporated by reference herein, describes the use of honeywords to conceal a real password of a user (in a random position) in a password file among a number of fake or decoy passwords known as “honeywords” or chaff passwords. Together, the real password and honeywords are often called sweetwords. An attacker that steals the file but fails to distinguish the real password from the honeywords may attempt to authenticate using a honeyword, alerting the system to the theft. The effectiveness of this scheme relies on the generation of good honeywords. Honeywords must sufficiently resemble true passwords to deceive the attacker.
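As an added illustration of the scheme just described (example code written for this page, not taken from Juels and Rivest or any product): the password file keeps only salted hashes of the sweetwords in random order, a separate honeychecker keeps the index of the real password, and a login that matches a honeyword is flagged as a likely theft of the password file. The hash function, the two-value split returned by `enroll`, and the constructed sweetwords are assumptions of the example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed example of a honeyword-protected password file.
# The file holds, per user, a randomly ordered list of hashed sweetwords;
# only the separate honeychecker knows which index is the real password,
# so stealing the file alone does not reveal which entry is genuine.

def _hash(word, salt):
    """Salted PBKDF2 hash of one sweetword (the choice of PBKDF2 is an
    assumption of this example, not part of the honeyword scheme itself)."""
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 50_000)

def enroll(real_password, honeywords):
    """Return (password_file_entry, honeychecker_index) for one user.
    The real password is placed at a random position among the honeywords."""
    if real_password in honeywords:
        raise ValueError("a honeyword must not equal the real password")
    sweetwords = list(honeywords) + [real_password]
    secrets.SystemRandom().shuffle(sweetwords)       # random position for the real one
    real_index = sweetwords.index(real_password)     # kept only by the honeychecker
    salt = os.urandom(16)
    entry = {"salt": salt, "hashes": [_hash(w, salt) for w in sweetwords]}
    return entry, real_index

def check_login(entry, real_index, attempt):
    """Classify a login attempt against the stored sweetword hashes.
    'ok'        -> real password
    'honeyword' -> a decoy was submitted; the password file has likely leaked
    'wrong'     -> matches no sweetword at all (ordinary failed login)"""
    h = _hash(attempt, entry["salt"])
    for i, stored in enumerate(entry["hashes"]):
        if hmac.compare_digest(stored, h):           # constant-time comparison
            return "ok" if i == real_index else "honeyword"
    return "wrong"
```

In a deployment the `honeyword` result would raise an alert rather than just a return value, and the honeychecker would run on a separate, more tightly protected host than the password file.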
Thus, an important requirement for effective honeywords is that honeywords be indistinguishable from real passwords. In other words, confronted with a randomly ordered list of sweetwords, an attacker should, with high probability, be unable to identify the real password. A need therefore remains for improved techniques for generating plausible-looking honeywords that satisfy this adversarial requirement.