Honeyword-based Authentication Techniques for Protecting Passwords: A Survey

Abstract

Honeyword (or decoy password) based authentication, first introduced by Juels and Rivest in 2013, has emerged as a security mechanism that can provide security against server-side threats on the password-files. From the theoretical perspective, this security mechanism reduces attackers' efficiency to a great extent as it detects the threat on a password-file so that the system administrator can be notified almost immediately as an attacker tries to take advantage of the compromised file. This paper aims to present a comprehensive survey of the relevant research and technological developments in honeyword-based authentication techniques. We cover twenty-three techniques related to honeyword, reported under different research articles since 2013. This survey paper helps the readers to (i) understand how honeyword based security mechanism works in practice, (ii) get a comparative view on the existing honeyword based techniques, and (iii) identify the existing gaps that have yet to be filled and the emergent research opportunities.