Abstract-In the first place, here suggest a simple method for improving the security of hashed passwords: the maintenance of additional “honeywords” (false passwords) associated with each user’s account.In addition, an adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. With this in mind, the attempted use of a honeyword for login sets off an alarm. Finally ,an auxiliary server (the “honeychecker”) can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
