SlideShare a Scribd company logo

PASSWORD SECURITY BASED ON HONEYWORD

Download as PPTX, PDF
D
Devyani Chaudhari

Honeywords are additional fake passwords that are stored alongside real user passwords to improve security. When a password file is stolen, attackers cannot determine the real passwords from the honeywords. The document discusses types of attacks, password policies, how honeywords are generated and stored, and how they create confusion for attackers to better protect user passwords and detect hacking attempts.

Education
1 of 17
PASSWORD SECURITY BASED ON HONEYWORD
CONTENTS • Introduction • Types of Attacks • Password Eligibility Policy • Attack Scenarios • What is Honeyword • Hashing The Password • Honeyword Generation Method • Honeychecker • Structure of Honeyword • Use of Honeyword • Conclusion
• Now a days millions of people face the problem of password security. Because no matter how much money or time you invest in managing the usernames and passwords, your service is still not secured.  For example: online payment for shopping using credit card , where they ask us to give our personal details like credit card number, CVV, expiry date .which can be easily hacked by the hacker through the database . • To overcome such problems the concept of honeyword is introduced where the passwords can be secured . INTRODUCTION
TYPES OF ATTACKS 1. Brute force attack. 2. Guessing attacks. 3. Network monitoring. 4. Phishing 5. Malwares
PASSWORD ELIGIBILITY POLICY 1. Password syntax 2. Dictionary words 3. Most common passwords 4. Popular passwords
Password syntax rules • Password values must include a variety of characters within the supported characted set . • for exmple.  Both alphabetic& numeric character requied  At least one special character is required, such as a symbol, an character, or a punctuation mark.  At least uppercase & lowercase latter is required.  Password value must be in minimum lenth.
List of some common passwords 1. 123456 2. 123456789 3. qwerty 4. password 5. 111111 6. 12345678 7. abc123 8. 1234567 9. password1 10. 12345
List of some popular passwords 1. 666666 2. 18atcskd2w 3. 7777777 4. 1q2w3e4r 5. 654321 6. 555555 7. 3rjs1la7qe 8. Tafuna123 9. 1q2w3e4r5t 10. ilovekimora 11. 24 Superman2231 12. 25 BEBE POGI
ATTACK SCENARIOS 1. Stolen files of password hashes 2. Visible passwords 3. Same password for many systems or services 4. Passwords stolen from users 5. Password change compromised
WHAT IS HONEYWORD ? • A simple method for improving the security of the hashed passwords. • The maintenance of additional honeywords (false passwords) associated with each user’s account. • An adversary who steals a file of hashed passwords and inverts The hash function cannot tell if he has found the password or honeyword. HASHING THE PASSWORD • Hashes of the password are stored. When user submits password, it is hashed and compared to the stored value. • If attacker gains database, he gets the user-ID and hash value of the password. • So for the attacker it is somewhat difficult to crack the password compared to the before method.
HONEYWORD GENERATION METHOD : 1. Chaffing-by- tweaking 2. Chaffing-with- a-password- model 3. Chaffing with tough nuts 4. Hybrid Method
HONEYCHECKER 1. Set: i, j Sets c(i) to have value j. 2. Check: i, j Checks that c(i) = j. May return result of check to requesting computer system. May raise an alarm if check fails.
STRUCTURE OF HONEYWORD
USE OF HONEYWORD • An auxiliary service called a honeychecker checks whether a password submitted by a user on login is her true password or a honeyword.
CONCLUSION • Using honeyword we can secure our data. • Honeyword makes password more secure and reliable and it creates confusion for the attacker. • Due to this any hacker’s hacking activity will set alarm for user so that he can secure his data. • Attackers can then refine their models of user password selection and design faster password cracking algorithms. Thus every breach of a password server has the potential to improve future attacks. • Some Honeyword generation strategies, particularly chaffing ones, obscure actual user password choices, and thus complicate model building for would- be hash crackers.
PASSWORD SECURITY BASED ON HONEYWORD

Recommended

Network Security and Cryptography.pdf
Network Security and Cryptography.pdfNetwork Security and Cryptography.pdf
Network Security and Cryptography.pdfAdityaKumar1548
 
Encryption
Encryption Encryption
Encryption Adnan Malak
 
Analysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in TurkeyAnalysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in TurkeyDr. Emin İslam Tatlı
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...ThreatReel Podcast
 
Session6-Protecct Sensetive Data
Session6-Protecct Sensetive DataSession6-Protecct Sensetive Data
Session6-Protecct Sensetive Datazakieh alizadeh
 
Presentation 3 1 1 1
Presentation 3 1 1 1Presentation 3 1 1 1
Presentation 3 1 1 1Ashwin Kumar
 
Lect5 authentication 5_dec_2012-1
Lect5 authentication 5_dec_2012-1Lect5 authentication 5_dec_2012-1
Lect5 authentication 5_dec_2012-1Khawar Nehal khawar.nehal@atrc.net.pk
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based SecurityRare Input
 

Recommended

Network Security and Cryptography.pdf
Network Security and Cryptography.pdfNetwork Security and Cryptography.pdf
Network Security and Cryptography.pdfAdityaKumar1548
 
Encryption
Encryption Encryption
Encryption Adnan Malak
 
Analysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in TurkeyAnalysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in TurkeyDr. Emin İslam Tatlı
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...ThreatReel Podcast
 
Session6-Protecct Sensetive Data
Session6-Protecct Sensetive DataSession6-Protecct Sensetive Data
Session6-Protecct Sensetive Datazakieh alizadeh
 
Presentation 3 1 1 1
Presentation 3 1 1 1Presentation 3 1 1 1
Presentation 3 1 1 1Ashwin Kumar
 
Lect5 authentication 5_dec_2012-1
Lect5 authentication 5_dec_2012-1Lect5 authentication 5_dec_2012-1
Lect5 authentication 5_dec_2012-1Khawar Nehal khawar.nehal@atrc.net.pk
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based SecurityRare Input
 
Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Dr. P. Mohana Priya
 
Redesigning Password Authentication for the Modern Web
Redesigning Password Authentication for the Modern WebRedesigning Password Authentication for the Modern Web
Redesigning Password Authentication for the Modern WebCliff Smith
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4skimil
 
Web security and OWASP
Web security and OWASPWeb security and OWASP
Web security and OWASPIsuru Samaraweera
 
cryptographydiksha.pptx
cryptographydiksha.pptxcryptographydiksha.pptx
cryptographydiksha.pptxDIKSHABORKAR8
 
Getting authentication right
Getting authentication rightGetting authentication right
Getting authentication rightAndre N. Klingsheim
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java ApplicationsStormpath
 
Modern Web Security
Modern Web SecurityModern Web Security
Modern Web SecurityBill Condo
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologiesNicholas Davis
 
Storing passwords-honey words
Storing passwords-honey wordsStoring passwords-honey words
Storing passwords-honey wordskandulasindhu
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationStormpath
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
2018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 82018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 8FRSecure
 
CNIT 129: 6. Attacking Authentication
CNIT 129: 6. Attacking AuthenticationCNIT 129: 6. Attacking Authentication
CNIT 129: 6. Attacking AuthenticationSam Bowne
 
CNIT 129S - Ch 6a: Attacking Authentication
CNIT 129S - Ch 6a: Attacking AuthenticationCNIT 129S - Ch 6a: Attacking Authentication
CNIT 129S - Ch 6a: Attacking AuthenticationSam Bowne
 
PHISHING URL - Review 1.pptx
PHISHING URL - Review 1.pptxPHISHING URL - Review 1.pptx
PHISHING URL - Review 1.pptxArulvincent3
 
Cyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxCyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxVASUOFFICIAL
 
Online Education.pptx
Online Education.pptxOnline Education.pptx
Online Education.pptxDevyani Chaudhari
 
SQL
SQLSQL
SQLDevyani Chaudhari
 

More Related Content

Similar to PASSWORD SECURITY BASED ON HONEYWORD

Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Dr. P. Mohana Priya
 
Redesigning Password Authentication for the Modern Web
Redesigning Password Authentication for the Modern WebRedesigning Password Authentication for the Modern Web
Redesigning Password Authentication for the Modern WebCliff Smith
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4skimil
 
cryptographydiksha.pptx
cryptographydiksha.pptxcryptographydiksha.pptx
cryptographydiksha.pptxDIKSHABORKAR8
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java ApplicationsStormpath
 
Modern Web Security
Modern Web SecurityModern Web Security
Modern Web SecurityBill Condo
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologiesNicholas Davis
 
Storing passwords-honey words
Storing passwords-honey wordsStoring passwords-honey words
Storing passwords-honey wordskandulasindhu
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationStormpath
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
2018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 82018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 8FRSecure
 
CNIT 129: 6. Attacking Authentication
CNIT 129: 6. Attacking AuthenticationCNIT 129: 6. Attacking Authentication
CNIT 129: 6. Attacking AuthenticationSam Bowne
 
CNIT 129S - Ch 6a: Attacking Authentication
CNIT 129S - Ch 6a: Attacking AuthenticationCNIT 129S - Ch 6a: Attacking Authentication
CNIT 129S - Ch 6a: Attacking AuthenticationSam Bowne
 
PHISHING URL - Review 1.pptx
PHISHING URL - Review 1.pptxPHISHING URL - Review 1.pptx
PHISHING URL - Review 1.pptxArulvincent3
 
Cyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxCyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxVASUOFFICIAL
 

Similar to PASSWORD SECURITY BASED ON HONEYWORD (20)

Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Introduction to Web Application Security Principles
Introduction to Web Application Security Principles
 
Redesigning Password Authentication for the Modern Web
Redesigning Password Authentication for the Modern WebRedesigning Password Authentication for the Modern Web
Redesigning Password Authentication for the Modern Web
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4
 
Web security and OWASP
Web security and OWASPWeb security and OWASP
Web security and OWASP
 
cryptographydiksha.pptx
cryptographydiksha.pptxcryptographydiksha.pptx
cryptographydiksha.pptx
 
Getting authentication right
Getting authentication rightGetting authentication right
Getting authentication right
 
User authentication
User authenticationUser authentication
User authentication
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java Applications
 
Modern Web Security
Modern Web SecurityModern Web Security
Modern Web Security
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication Technologies
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologies
 
Storing passwords-honey words
Storing passwords-honey wordsStoring passwords-honey words
Storing passwords-honey words
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token Authentication
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You Eat
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You Eat
 
2018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 82018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 8
 
CNIT 129: 6. Attacking Authentication
CNIT 129: 6. Attacking AuthenticationCNIT 129: 6. Attacking Authentication
CNIT 129: 6. Attacking Authentication
 
CNIT 129S - Ch 6a: Attacking Authentication
CNIT 129S - Ch 6a: Attacking AuthenticationCNIT 129S - Ch 6a: Attacking Authentication
CNIT 129S - Ch 6a: Attacking Authentication
 
PHISHING URL - Review 1.pptx
PHISHING URL - Review 1.pptxPHISHING URL - Review 1.pptx
PHISHING URL - Review 1.pptx
 
Cyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptxCyber Security(Password Cracking Presentation).pptx
Cyber Security(Password Cracking Presentation).pptx
 

More from Devyani Chaudhari

Troubleshooting methods of computer peripherals
Troubleshooting methods of computer peripheralsTroubleshooting methods of computer peripherals
Troubleshooting methods of computer peripheralsDevyani Chaudhari
 
INTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCING
INTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCINGINTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCING
INTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCINGDevyani Chaudhari
 

More from Devyani Chaudhari (6)

Online Education.pptx
Online Education.pptxOnline Education.pptx
Online Education.pptx
 
SQL
SQLSQL
SQL
 
Troubleshooting methods of computer peripherals
Troubleshooting methods of computer peripheralsTroubleshooting methods of computer peripherals
Troubleshooting methods of computer peripherals
 
Elastic Block Storage (EBS)
Elastic Block Storage (EBS)Elastic Block Storage (EBS)
Elastic Block Storage (EBS)
 
INTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCING
INTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCINGINTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCING
INTRODUCTION TO ARDUINO & RASPBERRY, SENSOR AND TEMPERATURE INTERAFCING
 
DATA STRUCTURE - STACK
DATA STRUCTURE - STACKDATA STRUCTURE - STACK
DATA STRUCTURE - STACK
 

Recently uploaded

REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Pooja Bhuva
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 

Recently uploaded (20)

REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 

PASSWORD SECURITY BASED ON HONEYWORD

  • 2. CONTENTS • Introduction • Types of Attacks • Password Eligibility Policy • Attack Scenarios • What is Honeyword • Hashing The Password • Honeyword Generation Method • Honeychecker • Structure of Honeyword • Use of Honeyword • Conclusion
  • 3. • Now a days millions of people face the problem of password security. Because no matter how much money or time you invest in managing the usernames and passwords, your service is still not secured.  For example: online payment for shopping using credit card , where they ask us to give our personal details like credit card number, CVV, expiry date .which can be easily hacked by the hacker through the database . • To overcome such problems the concept of honeyword is introduced where the passwords can be secured . INTRODUCTION
  • 4. TYPES OF ATTACKS 1. Brute force attack. 2. Guessing attacks. 3. Network monitoring. 4. Phishing 5. Malwares
  • 5. PASSWORD ELIGIBILITY POLICY 1. Password syntax 2. Dictionary words 3. Most common passwords 4. Popular passwords
  • 6. Password syntax rules • Password values must include a variety of characters within the supported characted set . • for exmple.  Both alphabetic& numeric character requied  At least one special character is required, such as a symbol, an character, or a punctuation mark.  At least uppercase & lowercase latter is required.  Password value must be in minimum lenth.
  • 7.
  • 8. List of some common passwords 1. 123456 2. 123456789 3. qwerty 4. password 5. 111111 6. 12345678 7. abc123 8. 1234567 9. password1 10. 12345
  • 9. List of some popular passwords 1. 666666 2. 18atcskd2w 3. 7777777 4. 1q2w3e4r 5. 654321 6. 555555 7. 3rjs1la7qe 8. Tafuna123 9. 1q2w3e4r5t 10. ilovekimora 11. 24 Superman2231 12. 25 BEBE POGI
  • 10. ATTACK SCENARIOS 1. Stolen files of password hashes 2. Visible passwords 3. Same password for many systems or services 4. Passwords stolen from users 5. Password change compromised
  • 11. WHAT IS HONEYWORD ? • A simple method for improving the security of the hashed passwords. • The maintenance of additional honeywords (false passwords) associated with each user’s account. • An adversary who steals a file of hashed passwords and inverts The hash function cannot tell if he has found the password or honeyword. HASHING THE PASSWORD • Hashes of the password are stored. When user submits password, it is hashed and compared to the stored value. • If attacker gains database, he gets the user-ID and hash value of the password. • So for the attacker it is somewhat difficult to crack the password compared to the before method.
  • 12. HONEYWORD GENERATION METHOD : 1. Chaffing-by- tweaking 2. Chaffing-with- a-password- model 3. Chaffing with tough nuts 4. Hybrid Method
  • 13. HONEYCHECKER 1. Set: i, j Sets c(i) to have value j. 2. Check: i, j Checks that c(i) = j. May return result of check to requesting computer system. May raise an alarm if check fails.
  • 15. USE OF HONEYWORD • An auxiliary service called a honeychecker checks whether a password submitted by a user on login is her true password or a honeyword.
  • 16. CONCLUSION • Using honeyword we can secure our data. • Honeyword makes password more secure and reliable and it creates confusion for the attacker. • Due to this any hacker’s hacking activity will set alarm for user so that he can secure his data. • Attackers can then refine their models of user password selection and design faster password cracking algorithms. Thus every breach of a password server has the potential to improve future attacks. • Some Honeyword generation strategies, particularly chaffing ones, obscure actual user password choices, and thus complicate model building for would- be hash crackers.