Bernoulli Honeywords

Ke Coby Wang

Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Policy & Intelligence

Ke Coby Wang's presentation on "Bernoulli Honeywords" at the NDSS Symposium introduces a methodology for the proactive detection of credential database breaches. The work targets one of cybersecurity's most persistent and costly problems: the long period between a database compromise and its discovery, which typically spans between seven and fifteen months. During this window, attackers are free to exploit the stolen credentials, often in widespread credential stuffing campaigns that rely on users' tendency to reuse passwords across multiple services. The financial and reputational consequences for organizations are severe; IBM estimates the average cost of breach detection and escalation at $1.24 million.