The Impact of Exposed Passwords on Honeyword Efficacy

Explore a 12-minute conference presentation from USENIX Security '24 that examines how exposed passwords affect the effectiveness of honeyword systems in credential databases. Learn about the challenges faced by both user-chosen and algorithmically generated honeywords when attackers have access to users' passwords from other sites. Discover why current honeyword-generation algorithms struggle to achieve optimal false-positive and false-negative rates, and understand the specific limitations when dealing with password manager-generated credentials. Examine research findings that demonstrate the importance of matching honeyword generation methods to users' password generation techniques, while considering the complications that arise when defenders have limited insight into password generation patterns compared to attackers with broader access to user credentials.