Headlines

'Honeypot Passwords': How To Hoax A Hacker And Keep Your Online Account Safe

By

As a radical new way to secure passwords has been unveiled by researchers, they say fooling hackers is the main trick, UK MailOnline reported.

The new honey encryption system relies on tricking cybercriminals.

By fooling the hacker repeatedly, it gives hackers fake data in response to incorrect password guesses.

According to UK MailOnline, researchers said it is the first of a new breed of encryption tools designed to trick hackers.

"Decoys and deception are really underexploited tools in fundamental computer security," Ari Juels, an independent researcher who was previously chief scientist at computer security company RSA, told MIT Technology Review.

Along with Thomas Ristenpart of the University of Wisconsin, Juels has developed a new encryption system with a trick up its sleeve.

By serving up fake data in response to every incorrect guess of the password or encryption key, it gives encrypted data an additional layer, UK MailOnline reported.

The real data will get lost amongst the crowd of spoof data even if the attacker does eventually guess the password correctly, the researchers said.

"Honeywords are a defense against stolen password files," they wrote. "Specifically, they are bogus passwords placed in the password file of an authentication server to deceive attackers."

They continued, "Honeywords resemble ordinary, user-selected passwords. It's hard therefore for an attacker that steals a honeyword-laced password file to distinguish between honeywords and true user passwords."

According to UK MailOnline, given how frequently large encrypted password files appear to fall into the hands of criminals, the new approach could be valuable.

For example, almost 150 million usernames and passwords were taken from Adobe servers in October 2013, and Target was among those worst hit by a more recent breach.

Currently, hackers use software to guess thousands of passwords. When an attempt is correct, current systems just produce junk codes.

The new system however, simply generates a piece of fake data resembling the true data, UK MailOnline reported.

The team said if 10,000 attempts were made by an attacker to decrypt a credit card number, then they would get back 10,000 different fake credit card numbers.

"Each decryption is going to look plausible," said Juels. "The attacker has no way to distinguish a priori which is correct."

© 2025 HNGN, All rights reserved. Do not reproduce without permission.

Most Read
Lithuania bombs own bunkers

NATO Member Bombs Their Own Bunkers in Preparation For Possible Russian Siege

Sarah Grace Patrick mugshot
Georgia Teen Accused of Killing Parents In Their Bed Urged TikTokers to Investigate Murders: 'Would Be a Really Big Hit'
iPhone 17 Rumored to Feature 12GB RAM Across All Models:
Apple iPhone Fold New Rumors: Possible Lower Price Tag Revealed for Foldable
Ghislaine and Trump_07172025_1
Epstein Accomplice's Lawyer Suggests Trump Would 'Agree' With Argument for Her Appeal: 'He's the Ultimate Dealmaker'
Trump 'Brags' About Bribing Republican Lawmakers to Vote for 'Big,
Trump 'Brags' About Illegally Bribing GOP Congressman to Vote for 'Big, Beautiful Bill': 'I Did Him a Very Big, Big Favor'
Editor's Pick
Robert Francis Prevost
World

Who Is Cardinal Robert Francis Prevost? First American Pope To Be Known As 'Pope Leo XIV'

European Space Agency
Science

Soviet Kosmos 482 Spacecraft Likely Crashed To Earth After 53 Years In Orbit

Robot
World

Robot 'Attacks' Human In Chinese Factory: What Went Wrong And Should We Be Scared?

India and Pakistan are locked in an escalating diplomatic war of words after New Delhi said Islamabad was linked to a militant attack on tourists in Indian-administered Kashmir
India

Why Is India Attacking Pakistan and What is Operation Sindoor: What You Need to Know