I should clarify: the passwordless account is a honeypot. It's isolated from my personal account and everything important. The only point is to encourage the attacker to use the computer instead of reformatting it, so I have a chance of recovering the hardware.