Find the word definition


n. (context computing English) A kind of honeypot that is not a computer system, such as a fake e-mail address used to track whether a mailing list has been stolen.


In the field of computer security, honeytokens are honeypots that are not computer systems. Their value lies not in their use, but in their abuse. As such, they are a generalization of such ideas as the honeypot and the canary values often used in stack protection schemes. Honeytokens do not necessarily prevent any tampering with the data, but instead give the administrator a further measure of confidence in the data integrity.

If they are chosen to be unique and unlikely to ever appear in legitimate traffic, they can also be detected over the network by an intrusion-detection system (IDS), alerting the system administrator to things that would otherwise go unnoticed. This is one case where they go beyond merely ensuring integrity, and with some reactive security mechanisms, may actually prevent the malicious activity, e.g. by dropping all packets containing the honeytoken at the router. However, such mechanisms have pitfalls because it might cause serious problems if the honeytoken was poorly chosen and appeared in otherwise legitimate network traffic, which was then dropped.

As stated by Lance Spitzner in his article on SecurityFocus, the term was first coined by Augusto Paes de Barros in 2003.