Goal: Thwart attackers’ attempts to reset passwords or gain unauthorized access through password recovery mechanisms.
Approach: Introducing deceptive password reset flows that delay attackers or lead them to decoy systems.
Implement fake password reset pages or email flows that appear to process password reset requests but instead capture attacker information, delay their progress, or redirect them to controlled environments.