Abstract
By harnessing Graphics Processing Unit (GPU), Field-programmable Gate Array (FPGA), and advanced cracking techniques, the success rates of server-side threats on passwords have reached unprecedented levels. Honeywords, also known as decoy passwords, have emerged as a promising detection strategy against this threat scenario. However, existing work falls short in creating a trap to counter targeted guessing attackers (\mathbf{TgA}) who exploit users' personal information to bypass honeyword-based traps. In this paper, we introduce two fundamental honeyword generation modules, namely NSecure-modifiedUI and ESecure-modifiedUI. Building upon these primary modules, we propose a hybrid honeyword-based strategy named NESec, which significantly enhances the ability to detect \mathbf{TgA} 's activities. A comparative analysis showcases the usability advantages and security benefits of the proposed NESec approach.