On Designing A Questionnaire Based Legacy-UI Honeyword Generation Approach For Achieving Flatness

TL;DR

This paper introduces a questionnaire-based honeyword generation method leveraging user memory to produce more uniformly probable fake passwords, addressing flatness issues in existing approaches.

Contribution

It proposes a novel questionnaire-oriented authentication system that significantly improves honeyword flatness and overcomes limitations of prior methods.

Findings

Generated honeywords show over 95% flatness.

The system outperforms existing protocols in security and usability.

Addresses limitations of previous honeyword generation techniques.

Abstract

Modern trend sees a lot usage of \textit{honeywords} (or fake password) for protecting the original passwords in the password file. However, the usage of \textit{honeywords} has strongly been criticized under the different security and usability parameters. Though many of these issues have been successfully resolved, research in this domain is still facing difficulties in \textit{achieving flatness} (or producing the equally probable \textit{honeywords} with reference to the original password). Though recent studies have made a significant effort to meet this criterion, we show that they either fall short or are based on some unrealistic assumptions. To practically fulfill this flatness criterion, we propose a questionnaire-oriented authentication system based on the episodic (or long term) memory of the users. Our study reveals that proposed mechanism is capable of generating significantly improved flatter list of \textit{honeywords} compared to the existing protocols. The subsequent discussion shows that the proposed system also overcomes all the limitations of the existing state of arts with no lesser than $95\%$ goodness.