[3] This is one case where they go beyond merely ensuring integrity, and with some reactive security mechanisms, may prevent the malicious activity, e.g. by dropping all packets containing the honeytoken at the router.
However, such mechanisms have pitfalls because they might cause serious problems if the honeytoken was poorly chosen and appeared in otherwise legitimate network traffic, which was then dropped.
As such, they are a generalization of such ideas as the honeypot and the canary values often used in stack protection schemes.
[4][5] Honeytokens can exist in many forms, from a dead, fake account to a database entry that would only be selected by malicious queries, making the concept ideally suited to ensuring data integrity.
A particular example of a honeytoken is a fake email address used to track if a mailing list has been stolen.