Bait and switch?
Posted by: Tim Tibbetts on 05/15/2013 01:54 PM
How about the use of "honeywords" to lure in hackers? Sound interesting? Well, cryptographic researchers Ari Juels and Ronald Rivest (the "R" in RSA) have come up with an interesting idea (PDF). Why not store fake passwords on a server? If anyone tries to use the fake password, an alarm is sounded.
Alongside the real password, they would store a fake password. An attacker who gained access to the database couldn't tell the difference between the real and the fake password.
If an attacker were able to hack the database, they might try to use a password from it to log into the associated web application. If that password was a fake one, the web application would know the access was unauthorized, and could either block the account or trigger an alarm and redirect the hacker to a "honeypot" system where they could do whatever mischief they wanted.
Sounds like a plan, Stan.
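
The scheme described above, sketched as an added example (not code from this post or from Juels and Rivest). Following their paper, it assumes the position of the real password is kept by a separate service, here the hypothetical `HoneyChecker`; the class names, user name and passwords are constructed.

```python
import hashlib, hmac, os, secrets

def slow_hash(word: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

class HoneyChecker:
    """Assumed separate, hardened service: stores only the real entry's index."""
    def __init__(self):
        self._real_index = {}
    def register(self, user, index):
        self._real_index[user] = index
    def is_real(self, user, index):
        return self._real_index[user] == index

class LoginServer:
    def __init__(self, checker):
        self.checker = checker
        self.db = {}       # user -> (salt, hashes): all a database thief obtains
        self.alarms = []   # users for whom a honeyword was submitted

    def enroll(self, user, password, decoys):
        if password in decoys or len(set(decoys)) != len(decoys):
            raise ValueError("decoys must differ from the password and each other")
        words = decoys + [password]
        secrets.SystemRandom().shuffle(words)   # real entry lands at a random position
        salt = os.urandom(16)
        self.db[user] = (salt, [slow_hash(w, salt) for w in words])
        self.checker.register(user, words.index(password))

    def login(self, user, attempt):
        salt, hashes = self.db[user]
        digest = slow_hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(stored, digest):
                if self.checker.is_real(user, i):
                    return "ok"
                self.alarms.append(user)   # honeyword match: the password store likely leaked
                return "alarm"             # caller may lock the account or divert to a honeypot
        return "wrong"                     # ordinary typo or guess, no alarm

def demo():
    server = LoginServer(HoneyChecker())
    # Constructed sample values; decoys should look as plausible as the real password.
    server.enroll("alice", "tulip42!", ["tulip24!", "orchid42!", "tulip47#", "daisy42!"])
    return [server.login("alice", p) for p in ("tulip42!", "orchid42!", "hunter2")], server.alarms
```

The stored record holds five indistinguishable hashes and no marker for the real one, so a copy of `db` alone does not reveal which password is safe to submit.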