A decoy access point is a realistic but controlled login target built to watch for suspicious sign-in attempts. It may copy the look and behavior of a real portal, but it is instrumented so defenders can see when someone enters stolen credentials or tries to reuse an account. Unlike a real service, the decoy is designed for detection rather than access.
Decoy access points matter because stolen credentials are often valuable long before defenders notice abuse. If an attacker tests a password against the lure, that attempt can become an early warning that an account, token, or identity has been exposed. Security teams can then reset credentials, inspect logs, and block related activity. In defense, decoys work best as part of layered identity security, alongside MFA, monitoring, and access review. They do not stop every attack, but they can reveal the first misuse of a credential faster than waiting for damage on a production system.
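One way to triage the sign-in attempts a decoy records, as an added example that is not part of the original page: it matches submitted usernames against real accounts to decide which credentials to reset and which sources to block. The JSON log format, field names, account names and addresses are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample events, one JSON object per line, as a decoy portal might log them.
DECOY_LOG = """\
{"ts": "2024-05-01T09:14:02Z", "src_ip": "203.0.113.7", "username": "alice"}
{"ts": "2024-05-01T09:14:09Z", "src_ip": "203.0.113.7", "username": "bob"}
{"ts": "2024-05-01T09:15:30Z", "src_ip": "203.0.113.7", "username": "nosuchuser"}
{"ts": "2024-05-01T11:02:45Z", "src_ip": "198.51.100.23", "username": "Alice "}
not-json garbage line
"""

# Assumed export of real directory accounts (hypothetical names).
REAL_ACCOUNTS = {"alice", "bob", "carol"}


def triage(log_text, real_accounts):
    """Return (accounts_to_reset, sources_to_block) from decoy sign-in events."""
    known = {a.lower() for a in real_accounts}
    accounts = {}                  # username -> {"first_seen", "sources"}
    sources = defaultdict(set)     # src_ip -> usernames it submitted
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            user = ev["username"].strip().lower()
            ts, ip = ev["ts"], ev["src_ip"]
        except (ValueError, KeyError, AttributeError, TypeError):
            continue               # skip malformed lines instead of aborting triage
        sources[ip].add(user)      # any use of the decoy is suspicious
        if user in known:          # a real identity was tried: treat it as exposed
            rec = accounts.setdefault(user, {"first_seen": ts, "sources": set()})
            rec["first_seen"] = min(rec["first_seen"], ts)  # ISO 8601 UTC sorts as text
            rec["sources"].add(ip)
    return accounts, dict(sources)


if __name__ == "__main__":
    to_reset, to_block = triage(DECOY_LOG, REAL_ACCOUNTS)
    for user, rec in sorted(to_reset.items()):
        print(f"reset {user}: first seen {rec['first_seen']} from {sorted(rec['sources'])}")
    for ip, users in sorted(to_block.items()):
        print(f"block {ip}: submitted {len(users)} distinct username(s)")
```

The earliest timestamp per account gives the starting point for inspecting production logs for the same identity.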



