Many websites require users to register before they can access information or services. Suppose that you register at such a website, but when you return later you've forgotten your password. The website then asks you to enter your email address, which you do. Later, you receive your original password via email.

a. Discuss several security concerns with this approach to dealing with forgotten passwords.

b. The correct way to deal with passwords is to store salted hashes of passwords. Does this website use the correct approach? Justify your answer.

Question

Lucy Odom

Computers & Technology

3 January, 06:23

Many websites require users to register before they can access information or services. Suppose that you register at such a website, but when you return later you've forgotten your password. The website then asks you to enter your email address, which you do. Later, you receive your original password via email.

a. Discuss several security concerns with this approach to dealing with forgotten passwords.

b. The correct way to deal with passwords is to store salted hashes of passwords. Does this website use the correct approach? Justify your answer.

+2

Answers (1)

Know the Answer?

Lam · Answer 1

Oh, man. The fact that the website is even able to send your password to you via your email directly is very concerning. This means that they are storing passwords unhashed. If their database were to be compromised - a hacker can just take those credentials. But if they had been hashed and the password was complicated it would have been difficult for the hacker to unhash.