Your company is selling toys online and shipping globally. When signing in to the web site, a customer, Jack, forgot his password. He clicked the “Forgot password?” button to reset his password and received a password notification email in 2 minutes that provided his old password for him to sign in. Jack called the customer service to complain about the insecure web system because of receiving the password notification email. As a security professional, which of the following is the best suggestion?
A. Implement a self-service portal to reset password
B. Accelerate the delivery speed of password notification emails
C. Employ one-way function to handle passwords and concatenated random strings
D. Use AES256 to encrypt passwords with salts