An office supplies web store wants to improve the security of their website. A developer suggested a number of changes.
Which of the changes would improve security?
(Select all acceptable answers.)
Everything on the site should use HTTPS instead of HTTP.
When resetting a user's password, send the user a new password instead of a password reset code.
Set an HTTP only flag on the session cookie.
Show a CAPTCHA after several failed login attempts.
Replace UUIDs in URLs with sequential IDs.
Session tokens should never expire.