Examination of a New Defense Mechanism: Honeywords
Advances in graphics processing unit (GPU) technology have made it much easier to crack a password hash. An adversary can recover a user's password by mounting a brute-force attack on the password hash. Once the password has been recovered, no server can detect the illegitimate user authentication (if no extra mechanism is used). This paper examines an approach that researchers recently published for improving the security of hashed passwords. Roughly speaking, they propose an approach for user authentication in which some false passwords, i.e., "honeywords", are added into a password file in order to detect impersonation.
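The detection idea described above, sketched as an added example (not code from the paper). It assumes the commonly described design in which a separate service, here the hypothetical `HoneyChecker`, holds only the index of the real password. The decoy list, class names and return strings are constructed for illustration.

```python
import hashlib
import hmac
import os
import random

# Constructed decoys (assumption). Real honeywords must be indistinguishable
# from the user's genuine password, or the attacker simply skips them.
DECOYS = ["sunset42", "tiger!2019", "blue-kite7", "m0untain88"]

def slow_hash(salt: bytes, word: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

class HoneyChecker:
    """Hypothetical separate service: stores only the index of the real password."""
    def __init__(self):
        self._real_index = {}
        self.alarms = []          # users for whom a honeyword was submitted

    def set_index(self, user: str, index: int) -> None:
        self._real_index[user] = index

    def check(self, user: str, index: int) -> bool:
        if self._real_index[user] == index:
            return True
        self.alarms.append(user)  # a honeyword is known only from the password file
        return False

class LoginServer:
    def __init__(self, checker: HoneyChecker):
        self.checker = checker
        self.password_file = {}   # user -> (salt, hashes of real password + honeywords)

    def register(self, user: str, password: str) -> None:
        words = [d for d in DECOYS if d != password] + [password]
        random.SystemRandom().shuffle(words)   # position must not reveal the real one
        salt = os.urandom(16)
        self.password_file[user] = (salt, [slow_hash(salt, w) for w in words])
        self.checker.set_index(user, words.index(password))

    def login(self, user: str, attempt: str) -> str:
        salt, hashes = self.password_file[user]
        digest = slow_hash(salt, attempt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(digest, stored):
                return "ok" if self.checker.check(user, i) else "honeyword-alarm"
        return "wrong-password"
```

An ordinary mistyped password returns `wrong-password` and raises no alarm; only a submission that matches one of the stored false passwords does, which is what signals that the password file has been cracked.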