With nearly half of all breaches involving external attackers enabled by stolen or fake credentials, security firms are pushing a high-fidelity detection mechanism for such intrusions: canary tokens.