Difference between revisions of "How to disable the Strong Passwords feature"
From Joomla! Documentation
m (last of the updates) |
(Several markup and capitalization changes.) |
||
| (5 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{version|3.2}} | {{version|3.2}} | ||
| − | |||
{{warning | {{warning | ||
|text=This is recommended if you are: | |text=This is recommended if you are: | ||
| − | *Developing a site on a | + | * Developing a site on a server with a PHP version 5.3.7 and later and you plan to move it to a production server with a earlier PHP version. |
| − | *Moving a website from a server with | + | * Moving a website from a server with PHP version 5.3.7 and later to a server with a earlier PHP version. |
| − | *Downgrading your server's | + | * Downgrading your server's PHP version below 5.3.7.|title=Why turn off Strong Passwords?}} |
| − | |||
| − | |||
| − | + | With the release of Joomla! 3.2, the CMS introduced a new feature called [[jtracker:31561|Strong Passwords]]. The intent was to enhance the encryption of password hashing and storage through the use of ''bcrypt'', thus increasing the security of Joomla! 3.2 user accounts. ''Bcrypt'' was not available in the early releases of PHP 5.3, and with the first releases, a bug in the algorithm surfaced. This prompted a change in the later PHP versions to fix it. | |
| − | + | The Joomla 3 series required a minimum PHP version of 5.3 that unfortunately includes PHP versions without ''bcrypt'' and the buggy first release of ''bcrypt''. The ''Strong Passwords'' feature has built-in compatibility to determine if ''bcrypt'' is available based on a PHP version check of the Joomla installation's server. The version check is used to determine exactly what the ''Strong Passwords'' feature would enable, ''bcrypt'' or the next best available password hashing encryption available. Unfortunately, this can lead to access issues under certain circumstances. | |
| − | + | == Disabling Strong Passwords == | |
| − | + | # Log in to the website Administrator view. (e.g. ''<nowiki>http://www.example.com/administrator/</nowiki>'') | |
| − | + | # In the top menu, select {{rarr|Extensions,Plugin Manager}}.{{-}}[[File:J3x-extension-plugin-manager.png]] | |
| − | + | # In the ''- Select Type -'' filter in the left column, choose ''user''.{{-}}[[File:J3x-plugin-manager-select-type.png]] | |
| − | + | # In the list of user plugins, select the ''User - Joomla'' plugin.{{-}}[[File:J3x-plugin-manager-select-user.png]] | |
| − | + | # Change the ''Strong Passwords'' setting to ''No''.{{-}}[[File:J3x-plugin-manager-user-strong-passwords-on.png]]{{-}}[[File:J3x-plugin-manager-user-strong-passwords-off.png]] | |
| + | # Click ''Save and Close''.{{-}}[[File:J3x-toolbar-SaveClose.png]] | ||
| − | Your website will | + | Your website will no longer use the ''Strong Passwords'' feature to hash and store passwords. |
[[Category:Version 3.2.0 FAQ]] | [[Category:Version 3.2.0 FAQ]] | ||
| + | [[Category:Joomla! 3.2]] | ||
Latest revision as of 19:41, 12 December 2022
This article is for Joomla! CMS Version(s) 
Why turn off Strong Passwords?
This is recommended if you are:
- Developing a site on a server with a PHP version 5.3.7 and later and you plan to move it to a production server with a earlier PHP version.
- Moving a website from a server with PHP version 5.3.7 and later to a server with a earlier PHP version.
- Downgrading your server's PHP version below 5.3.7.
With the release of Joomla! 3.2, the CMS introduced a new feature called Strong Passwords. The intent was to enhance the encryption of password hashing and storage through the use of bcrypt, thus increasing the security of Joomla! 3.2 user accounts. Bcrypt was not available in the early releases of PHP 5.3, and with the first releases, a bug in the algorithm surfaced. This prompted a change in the later PHP versions to fix it.
The Joomla 3 series required a minimum PHP version of 5.3 that unfortunately includes PHP versions without bcrypt and the buggy first release of bcrypt. The Strong Passwords feature has built-in compatibility to determine if bcrypt is available based on a PHP version check of the Joomla installation's server. The version check is used to determine exactly what the Strong Passwords feature would enable, bcrypt or the next best available password hashing encryption available. Unfortunately, this can lead to access issues under certain circumstances.
Disabling Strong Passwords[edit]
- Log in to the website Administrator view. (e.g. http://www.example.com/administrator/)
- In the top menu, select Extensions → Plugin Manager.
- In the - Select Type - filter in the left column, choose user.
- In the list of user plugins, select the User - Joomla plugin.
- Change the Strong Passwords setting to No.
- Click Save and Close.
Your website will no longer use the Strong Passwords feature to hash and store passwords.