A
honey credential is a fake username/password pair deliberately placed where attackers would find it (code repos, config files, AD) — any use triggers an immediate alert.
Honey credentials have zero false positives — no legitimate process ever uses them. Great for detecting password spraying (if attacker tries the honey password) and insider threats (if someone uses credentials from a secured location).