A fake password (or honeytoken credential) is a deliberately inserted credential that:
Examples:
In 2024, a global financial firm faced 2,000+ daily fake password prompts from phishing campaigns. They launched a password de fakings initiative with three pillars:
Within 90 days, credential theft dropped to zero. Their CISO stated: “Password de fakings isn't just a tool—it’s a mindset shift from reactive to preemptive security.”
Fake passwords are intentionally created credentials that: Examples:
You’re reading an article on a trusted news site. Suddenly, a modal window appears: "Your session has expired. Please re-enter your password."
De-faking response: Close the tab. Open a new tab and manually go to the site. Never enter credentials into a pop-up.