On Designing A Questionnaire Based Legacy-UI Honeyword Generation Approach For Achieving Flatness
This addresses a security and usability issue in password protection for systems using honeywords, though it appears incremental as it builds on prior work to improve flatness.
The paper tackles the problem of achieving flatness in honeyword generation, where existing methods fall short or rely on unrealistic assumptions, and proposes a questionnaire-based authentication system using episodic memory that generates significantly flatter honeyword lists compared to existing protocols.
Modern trend sees a lot usage of \textit{honeywords} (or fake password) for protecting the original passwords in the password file. However, the usage of \textit{honeywords} has strongly been criticized under the different security and usability parameters. Though many of these issues have been successfully resolved, research in this domain is still facing difficulties in \textit{achieving flatness} (or producing the equally probable \textit{honeywords} with reference to the original password). Though recent studies have made a significant effort to meet this criterion, we show that they either fall short or are based on some unrealistic assumptions. To practically fulfill this flatness criterion, we propose a questionnaire-oriented authentication system based on the episodic (or long term) memory of the users. Our study reveals that proposed mechanism is capable of generating significantly improved flatter list of \textit{honeywords} compared to the existing protocols. The subsequent discussion shows that the proposed system also overcomes all the limitations of the existing state of arts with no lesser than $95\%$ goodness.