International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 05 Issue: 04 | Apr-2018 www.irjet.net p-ISSN: 2395-0072 © 2018, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1792 Security Enhancements by achieving flatness in Honeyword for web user passwords Rohini Wankhade 1 , Vishal Ubale 2 , Shivam Sharma 3 , Shilpa Gite 4 1,2,3,4 Department of Computer, Indira College of Engineering and Management, Pune, India. ---------------------------------------------------------------***-------------------------------------------------------------- Abstract - In recent years, all the activities of the countries over the world is carried out Digitally and all the information or data is shared over the network increasing the speed and efficiency of data, but this transformation of data over the digital network has threat of security i.e loosing the data of the users by the third party unauthorized persons or attackers, cyber crime has taking consistent efforts to improve the security over the network as all the scams now a days are carried digitally as the data transformation includes money transfer, online shopping, confidential data, social feeds, etc. As to maintain the security a unique identification value or term called password is given to every user and is asked to keep it secret, but the attacker still steals the password using various techniques so to avoid these threat we are using Honeywords which will be generated by existing user password and if the attackers enter the password from the honeypot alarm is raised over administrator side, also we maintaining the IP and location tracking of the user and proposing a new technique called video click based captcha scheme to authenticate between humans and robots/bots overcoming the problems of graphical password scheme captcha. Thus, this whole architecture protects and secures the data and application over the online network reducing the threats against the unauthorized users. Keywords: Authentication, Video Click based Captcha, Honeywords, Tracking, Decoy, Password 1. INTRODUCTION In recent years the whole world has stored to the Internet world for the latest gadgets which increases the speed and efficiency of the task or any specific work, when we talk about internet world i.e www(world wide web) Information security plays an vital any very important role as it is used to secure and protect the information over the network against the fake users and third party attackers and has many authentication methods such as passwords, patterns, PIN numbers, captcha, etc. The most effective authentication method carried by every system is Password which is very secured and easy for humans to understand and remember, hence security of password is an important aspect when comes to digital network, a password is unique for every user and is a secret key through which user logins any specific system and gain access to that system for carrying out further operations online(eg: online payment) the application development should also maintain the user password in hash codes or in encrypted format in database using various encryption algorithms increasing the security of the password. In recent years many unauthorized password gains are carried out by the attackers or hackers which has leaded access to the confidential as well as sensitive data over the network, as password protects the user from keeping the data safe and strain the authorization limits, we must form the new techniques to make the password more strong and protective as it will be difficult for the hackers to crack it, many companies like yahoo, e-bay, LinkedIn as faced the passwords attacks and the users passwords were revealed. As now a days peoples have fully switched to the Digital network to carry public as well as private activities like online payments, shopping, bank transactions, etc so to avoid the frauds over the internet cyber crime has introduced many techniques to manage or to provide the security from the third party users, attackers and machine robots, hence to avoid these all serious issues we are coming with the new password securing technique called honeywords generation from existing passwords and maintaining the tracks of the user which includes the internet protocol address and location attributes as Country, state, city and to provide security against the Machine bots we are using Video click based captcha authentication. This newly upcoming technique will be robust and cost effective and it will overcome all common attacks including OCR bot attacks which every existing Captcha has failed to achieve. When comes to Honeywords technique to prevent the passwords, there are two issues that should be considered to overcome these security problems: First, passwords must be protected by taking appropriate precautions and storing with their hash values computed through salting or some other complex mechanisms. Hence, for an adversary it must be hard to invert hashes to acquire plaintext passwords, Honeypot is one of the methods to identify occurrence of a password database breach, In this approach, the administrator purposely creates deceit user accounts to lure adversaries and detects a password disclosure, if any one of the honeypot passwords get used. Use of decoys for building theft-resistant and the fake password sets are stored with the real user password set to conceal the real passwords, thereby forcing an adversary to carry out a considerable amount of online work before getting the correct information. Recently, Juels and Rivest have presented the honeyword mechanism to detect an adversary who attempts to login with cracked passwords. Basically, for each username a set of sweet-words is constructed such that only one element is the correct password and the others are honeywords, Hence when an adversary tries to enter