Honey Account
What is Honey Account?
A decoy credential or account — often without a full identity persona — designed to trigger an alert the moment an attacker attempts to use it.
A honey account is a credential-centric decoy: a username/password pair, an API key, a service account, or a SaaS user that is deliberately exposed in places attackers tend to look — scripts, configuration files, password vaults, repositories, or paste sites. The credential is monitored, so any authentication attempt indicates compromise. Honey accounts differ from honeyusers in emphasis: honeyusers build a believable persona (HR record, mailbox, group memberships) to catch enumeration and lateral movement, while honey accounts focus on detecting use of a leaked or stolen secret. Both are types of honeytokens and commonly overlap in mature deception programs.
● Examples
- 01: An AWS access key dropped in a public GitHub gist that alerts on first use.
- 02: A fake Okta admin login planted in the password manager to detect compromise.
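The monitoring side of both examples, as an added illustration rather than code from this glossary: a small detector that scans CloudTrail-style authentication events for the planted identifiers. The honey identifiers, the sample events and the log shape are all constructed for this example; note that a failed attempt alerts just as a successful one does, since any use of the secret already implies it leaked.

```python
import json
from dataclasses import dataclass

# Constructed honey-account registry (all identifiers are made up for this example).
# Maps each decoy identifier to where it was planted, so the alert says which lure was taken.
HONEY_ACCOUNTS = {
    "AKIAEXAMPLEHONEY0001": "AWS access key in public GitHub gist",
    "svc-backup-legacy": "service account in config file",
    "okta-admin-decoy@example.com": "fake Okta admin in password manager",
}

# Constructed sample events in a CloudTrail-like shape; a real deployment reads these from the SIEM.
SAMPLE_EVENTS = [
    '{"eventName":"GetCallerIdentity","userIdentity":{"accessKeyId":"AKIAEXAMPLEHONEY0001"},'
    '"sourceIPAddress":"203.0.113.7","errorCode":"AccessDenied"}',
    '{"eventName":"ConsoleLogin","userIdentity":{"userName":"alice"},"sourceIPAddress":"198.51.100.2"}',
    '{"eventName":"ConsoleLogin","userIdentity":{"userName":"svc-backup-legacy"},"sourceIPAddress":"203.0.113.9"}',
    "not an event line at all",
]


@dataclass
class Alert:
    honey_id: str
    placement: str
    source_ip: str
    event_name: str
    succeeded: bool      # False when the provider rejected the attempt; the attempt itself is the signal
    severity: str        # "critical" if the decoy actually authenticated, otherwise "high"


def identifiers_in(event: dict) -> set:
    """Collect every principal-like field an attacker could present: key ID, user name, principal ID."""
    ident = event.get("userIdentity", {})
    return {v for v in (ident.get("accessKeyId"), ident.get("userName"), ident.get("principalId")) if v}


def detect_honey_account_use(raw_lines):
    """Return one Alert per event that touches a honey identifier, successful or not."""
    alerts = []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparseable lines are skipped so they cannot mask hits elsewhere in the batch
        for hid in sorted(identifiers_in(event) & set(HONEY_ACCOUNTS)):
            succeeded = "errorCode" not in event
            alerts.append(Alert(hid, HONEY_ACCOUNTS[hid], event.get("sourceIPAddress", "?"),
                                event.get("eventName", "?"), succeeded,
                                "critical" if succeeded else "high"))
    return alerts


if __name__ == "__main__":
    for a in detect_honey_account_use(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.honey_id} ({a.placement}) used from {a.source_ip} via {a.event_name}")
```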
● Frequently asked questions
What is Honey Account?
A decoy credential or account — often without a full identity persona — designed to trigger an alert the moment an attacker attempts to use it. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Honey Account?
Defences for Honey Account typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Honey Account?
Common alternative names include: Decoy credential, Honey credential.
● Related terms
- Honeyuser (defense-ops, № 487): A fake identity provisioned in directory services and HR systems so that any login attempt or enumeration immediately reveals an attacker.
- Honeytoken (network-security, № 486): A piece of fake data — credential, file, record, or API key — that has no legitimate use and triggers an alert the moment it is accessed.
- Deception Technology (defense-ops, № 293): A defensive approach that deploys decoys, breadcrumbs, and fake assets across the environment to detect, mislead, and study attackers with high fidelity.
- Credential Stuffing (attacks, № 232): An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
- Active Defense (defense-ops, № 012): A defensive strategy that goes beyond passive monitoring to engage, mislead, and disrupt adversaries inside the defender's own network and assets.
● See also
- Honeyfile (№ 483)