I. Are there any security concerns with this type of approach to dealing with forgotten passwords? Discuss and explain.
It does have some security concerns. When a user tries to retrieve a forgotten password, they are challenged with personal questions, which should have been preregistered, to verify their identity. While answering these questions, the user can only hope that the challenge is coming from the right authority and not from a compromised source or an unauthorized administrator, because most of these questions apply to multiple sites and could grant a hacker free access to the user's accounts under the pretense of being the user.
II. Another way of dealing with the problem would be to store salted hashes of the passwords. Does this website use an appropriate approach or not? Justify your answer.
Having a user recover passwords comes with a lot of security flaws. Hashing makes it more secure because it is almost impossible for a hacker to reverse the hash, and when a salt is added it becomes more difficult for a hacker to get the password. The salt adds random codes to the password, which is then hashed, so a hacker would have to get the hash and then get the salt to match, which is impossible through all the techniques that are currently being used to crack password hashes. So a salted hash is good because it would require the user to generate another password instead of using the old one.
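A sketch of the salted-hash storage discussed in answer II, added here as an example that is not part of the original answer. The AccountStore class, the PBKDF2 iteration count and the sample accounts are assumptions made for illustration; it shows that identical passwords are stored as different digests and that a forgotten password is replaced rather than recovered.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, chosen for this example

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

class AccountStore:
    """Hypothetical credential table: user -> (salt, digest), never the password."""
    def __init__(self):
        self._records = {}

    def register(self, user, password):
        self._records[user] = hash_password(password)

    def stored(self, user):
        return self._records[user]

    def login(self, user, password):
        record = self._records.get(user)
        if record is None:
            return False
        salt, expected = record
        _, candidate = hash_password(password, salt)
        # Constant-time comparison of the recomputed digest with the stored one.
        return hmac.compare_digest(candidate, expected)

    def reset(self, user, new_password):
        # Forgotten password: the old one cannot be read back from the digest,
        # so the record is overwritten with a new salt and digest.
        self._records[user] = hash_password(new_password)

if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse")  # constructed sample accounts
    store.register("bob", "correct horse")
    print(store.stored("alice")[1] != store.stored("bob")[1])
    store.reset("alice", "battery staple")
    print(store.login("alice", "correct horse"), store.login("alice", "battery staple"))
```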
2. The iris scan would be recommended because it is safer and more accurate. It is also cheaper to implement. With a retina scan, the scanner uses a laser to scan the back of the eye and the blood pattern, while an iris scan is like a digital photograph, which can be taken from a distance and is a lot less invasive. Different life changes and health issues can cause a change in the retina, but the iris remains the same.


a. Have you had one on either your personal computer or a computer where you have worked? If yes, what did you do about it and if not how have you escaped?

No. I have not had a...

