Researchers have unveiled a radical new way to secure passwords, and they say fooling hackers is the main trick, UK MailOnline reported.
The new honey encryption system relies on tricking cybercriminals.
It fools the hacker repeatedly by returning fake data in response to incorrect password guesses.
According to UK MailOnline, researchers said it is the first of a new breed of encryption tools designed to trick hackers.
"Decoys and deception are really underexploited tools in fundamental computer security," Ari Juels, an independent researcher who was previously chief scientist at computer security company RSA, told MIT Technology Review.
Along with Thomas Ristenpart of the University of Wisconsin, Juels has developed a new encryption system with a trick up its sleeve.
By serving up fake data in response to every incorrect guess of the password or encryption key, it gives encrypted data an additional layer of protection, UK MailOnline reported.
The real data will get lost amongst the crowd of spoof data even if the attacker does eventually guess the password correctly, the researchers said.
"Honeywords are a defense against stolen password files," they wrote. "Specifically, they are bogus passwords placed in the password file of an authentication server to deceive attackers."
They continued, "Honeywords resemble ordinary, user-selected passwords. It's hard therefore for an attacker that steals a honeyword-laced password file to distinguish between honeywords and true user passwords."
According to UK MailOnline, given how frequently large encrypted password files appear to fall into the hands of criminals, the new approach could be valuable.
For example, almost 150 million usernames and passwords were taken from Adobe servers in October 2013, and Target was among those worst hit by a more recent breach.
Currently, hackers use software to guess thousands of passwords. When an attempt is incorrect, current systems just produce junk codes.
The new system, however, simply generates a piece of fake data resembling the true data, UK MailOnline reported.
The team said if 10,000 attempts were made by an attacker to decrypt a credit card number, then they would get back 10,000 different fake credit card numbers.
"Each decryption is going to look plausible," said Juels. "The attacker has no way to distinguish a priori which is correct."
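A toy sketch of the credit card scenario described above, added here as an illustration and not the researchers' own code: every password guess, right or wrong, decrypts to a 16-digit number that passes the Luhn checksum. It assumes card numbers are uniformly distributed, uses the standard public test number 4111111111111111 as sample input, and the function names are hypothetical.

```python
import hashlib
import secrets

SPACE = 10**15  # seed space: the 15 digits that precede the Luhn check digit

def luhn_check_digit(payload15: str) -> str:
    """Compute the 16th digit so the full number passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(payload15)):
        d = int(ch)
        if i % 2 == 0:          # digits next to the check digit are doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(card: str) -> bool:
    return len(card) == 16 and card.isdigit() and luhn_check_digit(card[:15]) == card[15]

def encode(card: str) -> int:
    """Map a valid card number to a seed in [0, SPACE)."""
    if not luhn_valid(card):
        raise ValueError("not a Luhn-valid 16-digit number")
    return int(card[:15])

def decode(seed: int) -> str:
    """Map ANY seed back to a plausible card number (this is what hides the real one)."""
    payload = f"{seed:015d}"
    return payload + luhn_check_digit(payload)

def pad(password: str, salt: bytes) -> int:
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(key, "big") % SPACE

def encrypt(card: str, password: str):
    salt = secrets.token_bytes(16)
    # No integrity tag is stored: a tag would tell an attacker which guess was right.
    return salt, (encode(card) + pad(password, salt)) % SPACE

def decrypt(blob, password: str) -> str:
    salt, ciphertext = blob
    return decode((ciphertext - pad(password, salt)) % SPACE)

def try_guesses(blob, guesses):
    """Return what each password guess decrypts to."""
    return {g: decrypt(blob, g) for g in guesses}

if __name__ == "__main__":
    blob = encrypt("4111111111111111", "correct horse")   # constructed sample input
    for guess, card in try_guesses(blob, ["123456", "letmein", "correct horse"]).items():
        print(f"{guess!r:16} -> {card}  luhn_ok={luhn_valid(card)}")
```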