Which method can serve as a way to enforce non-repudiation?

Non-repudiation is a concept in information security that ensures a party cannot deny the authenticity of their signature on a document or a message. The method that effectively enforces non-repudiation is digital signatures.

Digital signatures provide a way to confirm the identity of the sender and ensure that the message was not altered in transit. When a sender creates a digital signature, they utilize their private key to encrypt a hash of the message, which can be verified by others using the sender's public key. This process not only authenticates the sender's identity but also confirms that the message has remained unchanged, affirming that the sender cannot deny sending the message once it has been signed.

Other methods like encryption, biometrics, and password protection serve various security functions. Encryption protects the confidentiality of data during transmission or storage. Biometrics establish identity through physical characteristics, such as fingerprints or retinal scans, which can authenticate users but do not inherently prove that a particular action (like sending a message) was taken by a specific individual. Password protection aids in access control but does not guarantee the actions taken by the user once inside a system.

In contrast, digital signatures are specifically designed to provide non-repudiation, making them the correct choice in this context