I read the paper and it's very interesting. I always wander how would I know if my DB is compromised and this provides a solution, i don't know and I am not capable to tell if this is a great solution or not but it makes sense.
As a note to the paper for the 2.1. Honeychecker; It's not that efficient to have a second system that stores what the correct password is, it's just a waste of resources. A simple and more robust solution could be to have a checksum from a field, let's say the username, that generate a number from 1 to 5. That way you can tell which password is the correct one. The attacher must have access to the code to know the checksum formula and how that applies to the password list. I guess this is much better than the suggested solution.
As a note to the paper for the 2.1. Honeychecker; It's not that efficient to have a second system that stores what the correct password is, it's just a waste of resources. A simple and more robust solution could be to have a checksum from a field, let's say the username, that generate a number from 1 to 5. That way you can tell which password is the correct one. The attacher must have access to the code to know the checksum formula and how that applies to the password list. I guess this is much better than the suggested solution.