Multiple choice technology architecture

User selected a password for his account, system detected that the password is been used by another user, what is the correct step

  1. System should indicate to the user that password is already linked to another user, as this comprimises password confidentialty

  2. Ignore and simply complete the password set process

  3. System cannot detect that the user's password are same

  4. Generate a password automatically such that it doesn't duplicate with any other users password and indicate the user of his auto generated password

Reveal answer Fill a bubble to check yourself
B Correct answer
Explanation

Password systems should never indicate whether a password is already in use, as this reveals account information to attackers. Best practice is to accept password reuse while maintaining password hashing for independent account security.