Enhancing Password Security with Symbolic Characters
From Joomla! Documentation
Introduction[edit]
The Enhancing Password Security with Symbolic Characters feature, introduced in Joomla 5.2, improves password security by ensuring that a comprehensive set of special characters, as recommended by OWASP, is now supported. This update ensures that all special characters available on a standard US keyboard are recognized and accepted when setting password requirements.
How it Works[edit]
This feature updates the script to include the entire set of special characters, which now consists of: @$!#?=;:*-_€%&()`´+[]{}'"|,.<>/~^
. These characters can now be used in passwords to meet the security requirements for Joomla websites, ensuring greater flexibility and enhanced security.
To enable this feature:
- Go to Global Configuration -> User Options.
- Set the Password Minimum Symbols requirement to at least 1 symbol.
- When creating or updating a password, users must now include one or more symbols from the updated list.
The script also includes an updated comment to clarify that the inclusion of special characters has been expanded to match OWASP guidelines.
How to Access[edit]
To access and configure the enhanced password security settings:
- Navigate to Global Configuration -> User Options.
- Under the password requirements, adjust the setting for the minimum number of symbols required in passwords.
- Save the settings and ensure that future passwords meet the updated requirements.
When setting or updating a password, users must include at least one symbol from the following list:
@$!#?=;:*-_€%&()`´+[]{}'"|,.<>/~^
Additional Notes[edit]
This change applies to all Joomla 5.2 installations. Administrators should ensure that the password requirements are updated in the configuration to take full advantage of the enhanced security features.
Note on the Feature's Origin[edit]
This feature was added in Joomla 5.2 via the improvement introduced in #43484.