Experimental project

This is a sandbox project, which contains experimental code for developer use only.

Description

WARNING, this module is not yet stable! Do not use it!

Honeywords is a module that will generate fake passwords ("honeywords") for
every user on the site. The main use of this module is to make it harder for
an attacker to penetrate your site without being detected (and notifying you
of data leaks that may otherwise have gone unnoticed). It has the side benefit
of making the password database generally less useful for hackers targeting
your users.

Honeywords is an attempt at implementing the Juels-Rivest MIT paper:
http://people.csail.mit.edu/rivest/honeywords/

To be clear, of the many attack scenarios listed in the paper, this module
(and this concept) only addresses a "Stolen [list] of password hashes" scenario.
There are other modules to help you implement security policies addressing the
others. Preventing data leaks in the first place is of course more important,
but damage control should be a part of any responsible security policy.
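The scheme the module is built around, shown as an added illustration rather than the module's own code: each account stores the hashes of several "sweetwords" (the real password plus decoys), while a separate honeychecker keeps only the index of the real one, so a login with a decoy is detected as a likely stolen-hash-list compromise. The PBKDF2 hash, the simple tail-tweaking decoy generator and the in-process honeychecker are assumptions for the demo, not what the module does.

```python
"""Illustration of the Juels-Rivest honeyword idea (not the Drupal module's code)."""
import hashlib
import hmac
import os
import secrets
import string

_ALPHABET = string.ascii_lowercase + string.digits


def _hash(password: str, salt: bytes) -> str:
    # PBKDF2 stands in for whatever slow hash the site uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000).hex()


def make_honeywords(password: str, count: int) -> list:
    """Return `count` distinct decoys that resemble the real password by
    replacing its last three characters (a deliberately simple generator)."""
    if not password:
        raise ValueError("cannot build decoys for an empty password")
    tail_len = min(3, len(password))
    decoys = set()
    while len(decoys) < count:
        tail = "".join(secrets.choice(_ALPHABET) for _ in range(tail_len))
        candidate = password[:-tail_len] + tail
        if candidate != password:
            decoys.add(candidate)
    return sorted(decoys)


def register(password: str, decoys: list):
    """Store hashes of the shuffled sweetwords in the site database and hand
    the index of the real password to the honeychecker (returned separately)."""
    sweetwords = decoys + [password]
    secrets.SystemRandom().shuffle(sweetwords)
    salt = os.urandom(16)
    record = {"salt": salt, "hashes": [_hash(w, salt) for w in sweetwords]}
    return record, sweetwords.index(password)


def login(record: dict, honey_index: int, attempt: str) -> str:
    """'ok' for the real password, 'reject' for a non-sweetword, and 'ALERT'
    when a decoy is presented, which the site should log and act on."""
    h = _hash(attempt, record["salt"])
    for i, stored in enumerate(record["hashes"]):
        if hmac.compare_digest(h, stored):
            # Only the honeychecker knows which slot is the real password.
            return "ok" if i == honey_index else "ALERT"
    return "reject"
```

A stolen copy of `record` alone does not reveal which of the five hashes is genuine, so an attacker who cracks them has a four-in-five chance of tripping the alert on the first login.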

Limitations

A lot of things can diminish or nullify the usefulness of this module. See the README
file for details.

Project information

  • Seeking co-maintainer(s)
    Maintainers are looking for help reviewing issues.
  • Created by gboudrias on , updated