Cryptology Computer Science Many websites require users to register before they

Question

Cryptology Computer Science

Many websites require users to register before they can access information or services. Suppose that you register at such a website, but when you return later you've forgotten your password. The website then asks you to enter your email address, which you do. Later, you receive your original password via email. Discuss several security concerns with this approach to dealing with forgotten passwords. The correct way to deal with passwords is to store salted hashes of passwords. Does this website use the correct approach? Justify your answer.

Explanation / Answer

No, Sharing original password through mail is a right approach. Instead the website can send a url to concern email which faciliate the user to create a new password. Second option is to send one time password to the registered email so that the user can create a new password after first login.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.