Posts

Showing posts from November, 2021

Case study discussion

4.1 Meaning of the findings

The research on honeywords demonstrates that the technology is not ready to be implemented today. Implementing honeywords today may create additional DDoS vulnerabilities. Moreover, the gain in security may not be significant compared with the cost in storage space.

4.2 Areas for further research

To conclude, further research in honeyword technology is necessary to make it ready for implementation. The most important task is to create a honeyword generation technique capable of producing honeywords that are hard to distinguish from the real passwords of a particular user. Without an advanced generation technique, implementing honeywords will make the system vulnerable to DDoS attacks. Such a generation technique needs to be able to tune itself for every user individually in order to eliminate the negative effect connected with using personal information in passwords. Although, current system...

Case study method

3.1 Proposed solution

Honeywords are decoy passwords that trigger an alarm when somebody tries to log in using them (Juels and Rivest, 2013). Juels and Rivest (2013) propose storing a number of password hashes along with the hash of the correct password of each user. Without honeywords, the file with logins and passwords consists of a login and a hash of one password per user. After a honeyword system is implemented, the file will contain around 20 passwords per user: one correct password and several honeywords, which are decoy passwords. When an adversary somehow gets access to the file with logins and passwords, she needs to crack a much bigger number of passwords in order to get access to the system. However, even if the adversary manages to crack all the passwords, there is always a chance that she will enter one of the honeywords, which will trigger an alarm. Without honeywords the actual breach of passwords is considered to remain undetected and there would be...

Literature review

2. Literature review

The current study is based on the work of Juels and Rivest published in 2013. In their work, Juels and Rivest (2013) propose honeywords for the first time as a way to make password cracking detectable. The idea itself is controversial and has a lot of weak points. To represent a critical point of view, the work of Wang et al. (2017) is also used in the research. Juels and Rivest introduced the idea and described how it can be implemented in the current industry. They described how honeywords could be stored and how they could be generated and analysed. However, the honeyword generation presented in their work is widely criticised. An example of such critique is the work of Wang et al., which gives a detailed analysis of honeyword generation techniques. Moreover, it is concluded that current generation techniques are raw and inefficient. Secondly, experimenting with modern machine learning based password crackers in order to assess...

Introduction to the case study

1.1 Research problem

Password authentication may be seen as one of the weakest points in the modern security chain (Febrache, 2016). However, usually the problem is not in the passwords themselves, but in the way people use them. According to statistics, people tend to use personal information and words that can be found in dictionaries when creating their passwords. According to Huan et al. (2017), 23.75% of the whole password space consists of personal information. Creating passwords this way makes them extremely vulnerable to brute-force attacks. (Author's work)

Researchers all over the world are trying to develop a new authentication system that will be able to eliminate all the problems connected with using passwords. However, passwords are still one of the most efficient and popular ways of authentication. Moreover, there is a lot of evidence that passwords are still here to stay with us in nea...

Survey analysis

The survey made with the questionnaire described in the previous blog post (Smut, 2021) has received 11 responses. It provides essential information for my current research in the field of password security. This post presents the information gathered about the strength of passwords, how often users use the same passwords on different services, and the use of third-party services for auto-filling password forms.

All of the people who took part in the survey are either professionals in the field of computing or students who are planning to connect their lives with working in a computing area, as can be seen from the diagrams above. Most of the participants are males, since the survey was shared with computing groups at DMUIC, which usually consist mostly of males.

The diagram about the length of passwords: The diagram above shows that most people have passwords of 14 characters or fewer. The minority of people have passwords of 8 characters or fewer. The most essential discovery is that no...