Honeywords are the latest defence against hackers

31 January 2014

Ok, so your password is probably 123456, or your surname, or your date of birth, but now even if you’ve got a supremely guessable password, a new data encryption system could save you from being hacked.


Say someone is trying to hack your Hotmail account (hahaha, Hotmail!). If you use the Honey Encryption system, then every time a hacker attempts to guess your password, it will give the attacker fake data. Even if they guess the password, your real data will be impossible to find under layers of made-up data.

Let’s go over to Thomas Ristenpart, who developed the system at the University of Wisconsin.

‘Honeywords are bogus passwords placed in the password file of an authentication server to deceive attackers. Honeywords resemble ordinary, user-selected passwords. It’s hard therefore for an attacker that steals a honeyword-laced password file to distinguish between honeywords and true user passwords.’


At the moment, when a password attempt is incorrect, computers just generate junk data. But Honey Encryption lures hackers down the wrong path by planting perfectly plausible data that looks a bit like the real thing. That makes them think they used the right password, but they didn’t. Screw you, guys!

This could be a major weapon in the fight against CYBER CRIME. Until they work it out, of course.
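To make the junk-versus-plausible difference concrete, here is a toy sketch added for illustration; it is not code from Ristenpart or from the Honey Encryption work. It assumes the secret is a uniformly random 4-digit PIN, and every function name in it is hypothetical.

```python
import hashlib

PIN_SPACE = 10_000  # assumption: the secret is a uniformly random 4-digit PIN

def _keystream(password, salt, nbytes):
    # Password-derived bytes (PBKDF2-HMAC-SHA256 from the standard library).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=nbytes)

def plain_encrypt(pin, password, salt):
    # Conventional approach: XOR the ASCII digits with the keystream.
    ks = _keystream(password, salt, len(pin))
    return bytes(a ^ b for a, b in zip(pin.encode(), ks))

def plain_decrypt(ct, password, salt):
    # A wrong password leaves random bytes, which almost never read as digits.
    ks = _keystream(password, salt, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode("ascii", "replace")

def _shift(password, salt):
    # Map the password to an offset inside the PIN space.
    return int.from_bytes(_keystream(password, salt, 16), "big") % PIN_SPACE

def honey_encrypt(pin, password, salt):
    # Honey-style approach: the ciphertext is itself just a number in the PIN space.
    return (int(pin) + _shift(password, salt)) % PIN_SPACE

def honey_decrypt(ct, password, salt):
    # Every password, right or wrong, decrypts to some well-formed PIN.
    return f"{(ct - _shift(password, salt)) % PIN_SPACE:04d}"

def plausible_guesses(decrypt, ct, salt, guesses):
    # The guesses an attacker cannot rule out just by looking at the output.
    def looks_like_pin(text):
        return len(text) == 4 and text.isascii() and text.isdigit()
    return [g for g in guesses if looks_like_pin(decrypt(ct, g, salt))]

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values
    pin, password = "4821", "hunter2"
    guesses = ["123456", "password", "hunter2", "letmein"]
    plain_ct = plain_encrypt(pin, password, salt)
    honey_ct = honey_encrypt(pin, password, salt)
    print("plain:", plausible_guesses(plain_decrypt, plain_ct, salt, guesses))
    print("honey:", plausible_guesses(honey_decrypt, honey_ct, salt, guesses))
    for g in guesses:
        print(g, "->", repr(plain_decrypt(plain_ct, g, salt)), honey_decrypt(honey_ct, g, salt))
```

With the conventional scheme the junk output gives away every wrong guess, while with the honey-style scheme all four guesses produce a believable PIN. Real data is not uniformly random like this PIN, so a real system has to model what plausible data looks like before it can fake it.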

  • James E.
    From reading that quote you've got the wrong end of the stick, Lucy. There has been a spate of hackers gaining access to databases which contain usernames and passwords. Since many people share passwords between sites it's easy for people to get to more important data. From your quote it sounds like instead of having one user/password combination there are many passwords per user, only one being real.
  • James E.
    In fact it's not this, using your example for Hotmail: if a hacker enters an incorrect password the user would still be taken to an inbox, however it would be a fake inbox. Hotmail is a very bad example, however, as legitimate people often type incorrect passwords.
