Ask Question
4 February, 03:12

Many websites require users to register before they can access information or services. Suppose that you register at such a website, but when you return later you've forgotten your password. The website then asks you to enter your email address, which you do. Later, you receive your original password via email.

a. Discuss several security concerns with this approach to dealing with forgotten passwords.

b. The correct way to deal with passwords is to store salted hashes of passwords. Does this website use the correct approach? Justify your answer.

+4
Answers (1)
  1. 4 February, 05:50
    0
    Oh, man. The fact that the website is even able to send your password to you via your email directly is very concerning. This means that they are storing passwords unhashed. If their database were to be compromised - a hacker can just take those credentials. But if they had been hashed and the password was complicated it would have been difficult for the hacker to unhash.
Know the Answer?
Not Sure About the Answer?
Get an answer to your question ✅ “Many websites require users to register before they can access information or services. Suppose that you register at such a website, but ...” in 📙 Computers & Technology if there is no answer or all answers are wrong, use a search bar and try to find the answer among similar questions.
Search for Other Answers