Ask Question
12 August, 23:09

Many websites require users to register before they can access information or services. Suppose that you register at such a website, but when you return later you've forgotten your password. The website then asks you to enter your email address, which you do. Later, you receive your original password via email.

a. Discuss several security concerns with this approach to dealing with forgotten passwords.

b. The correct way to deal with passwords is to store salted hashes of passwords. Does this website use the correct approach? Justify your answer.

+4
Answers (1)
  1. 13 August, 02:19
    0
    Oh, man. The fact that the website is even able to send your password to you via your email directly is very concerning. This means that they are storing passwords unhashed. If their database were to be compromised - a hacker can just take those credentials. But if they had been hashed and the password was complicated it would have been difficult for the hacker to unhash.
Know the Answer?
Not Sure About the Answer?
Find an answer to your question ✅ “Many websites require users to register before they can access information or services. Suppose that you register at such a website, but ...” in 📘 Computers and Technology if you're in doubt about the correctness of the answers or there's no answer, then try to use the smart search and find answers to the similar questions.
Search for Other Answers