
Honeywords - Detectable Password Theft

BSides London · 2014 · 15:37 · 1.6K views · Published 2014-05
Category: Technical
Style: Talk
About this talk
Password theft is an ever-increasing problem. One of the challenges of password theft is detecting it. A possible solution to this problem is the use of "Honeywords". Honeywords would act in a similar way to a Honeypot on a network, allowing password thefts to be detected by offering purposely seeded "fake" passwords and watching for their usage in a system. Should one of these passwords be used, the system can flag this for investigation or possibly trigger some automated action to mitigate immediate risk. This talk examines the implementation of Honeywords, its effectiveness as a solution and how the concept can be extended to prevent password dumps being used across services.
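The seeding and detection flow described above, as an added example that is not taken from the talk. The class and method names are hypothetical, the decoys are supplied by the caller rather than generated, and keeping the index of the real password in a separate component (so a dump of the credential store alone does not reveal which entry is real) is an assumption of this example.

```python
import hashlib, hmac, os, secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class HoneyChecker:
    """Separate store: holds only the position of the real password per user."""
    def __init__(self):
        self._real_index = {}
    def set(self, user, index):
        self._real_index[user] = index
    def is_real(self, user, index):
        return self._real_index.get(user) == index

class CredentialStore:
    """Main store: holds hashes of the real password mixed with honeywords."""
    def __init__(self, checker):
        self.checker = checker
        self.records = {}   # user -> (salt, [hash, ...])
        self.alerts = []    # (user, matched_index) for every honeyword hit

    def enroll(self, user, password, decoys):
        # Assumes the decoys are distinct from the real password.
        sweetwords = list(decoys) + [password]
        secrets.SystemRandom().shuffle(sweetwords)  # hide the real position
        salt = os.urandom(16)
        self.records[user] = (salt, [_hash(w, salt) for w in sweetwords])
        self.checker.set(user, sweetwords.index(password))

    def login(self, user, attempt):
        if user not in self.records:
            return "denied"
        salt, hashes = self.records[user]
        candidate = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                if self.checker.is_real(user, i):
                    return "ok"
                # A seeded fake was submitted: the hash file has likely leaked.
                self.alerts.append((user, i))
                return "honeyword"
        return "denied"  # ordinary wrong password, no alert

if __name__ == "__main__":
    store = CredentialStore(HoneyChecker())
    # Constructed sample credentials
    store.enroll("alice", "correct-horse-7", ["correct-mouse-7", "connect-horse-9"])
    for attempt in ("correct-horse-7", "connect-horse-9", "typo"):
        print(attempt, "->", store.login("alice", attempt))
```

A "honeyword" result is the signal to flag for investigation or to drive an automated response such as locking the account; a plain wrong password stays a normal failed login.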