Difference between revisions of "How to disable the Strong Passwords feature"
From Joomla! Documentation
m (inuse) |
m (saving to preserve edits) |
||
| Line 1: | Line 1: | ||
{{version|3.2}} | {{version|3.2}} | ||
{{inuse}} | {{inuse}} | ||
| − | With the release of Joomla! 3.2, the CMS introduced a new feature called, '''[[jtracker:31561|Strong Passwords]]'''. | + | With the release of Joomla! 3.2, the CMS introduced a new feature called, '''[[jtracker:31561|Strong Passwords]]'''. The intent was to enhance the encryption of password hashing and storage through the use of BCrypt, thus increasing the security of Joomla! 3.2 user accounts. Bcrypt was not available in the early releases of php 5.3, and with the first releases a bug in the algorithm surfaced. This prompted a change in later php versions to fix it. |
| + | |||
| + | The Joomla 3 series required a minimum php version of 5.3+ which includes php versions without BCrypt and the buggy first release of BCrypt. The '''Strong Passwords''' feature has built in compatibility to determine if BCrypt was available based on a php version check of the Joomla installation's server. The version check is used to determine exactly what the '''Strong Passwords''' feature would enable, BCrypt or the next best available password hashing encryption available. | ||
| + | |||
| + | == Disabling 'Strong Passwords' == | ||
# Log in to the Administrator. | # Log in to the Administrator. | ||
| − | # In the top menu, select Extensions | + | # In the top menu, select {{rarr|Extensions,Plugin Manager}}. |
# In the "- Select Type -" filter in the left-hand column, choose "user". | # In the "- Select Type -" filter in the left-hand column, choose "user". | ||
# In the list of user plugins click on the plugin called "User - Joomla". | # In the list of user plugins click on the plugin called "User - Joomla". | ||
Revision as of 10:18, 9 December 2013
This article is actively undergoing a major edit for a short while.
As a courtesy, please do not edit this page while this message is displayed. The user who added this notice will be listed in the page history. This message is intended to help reduce edit conflicts; please remove it between editing sessions to allow others to edit the page.
If this page has not been edited for several hours, please remove this template, or replace it with {{underconstruction}} or {{incomplete}}.
With the release of Joomla! 3.2, the CMS introduced a new feature called, Strong Passwords. The intent was to enhance the encryption of password hashing and storage through the use of BCrypt, thus increasing the security of Joomla! 3.2 user accounts. Bcrypt was not available in the early releases of php 5.3, and with the first releases a bug in the algorithm surfaced. This prompted a change in later php versions to fix it.
The Joomla 3 series required a minimum php version of 5.3+ which includes php versions without BCrypt and the buggy first release of BCrypt. The Strong Passwords feature has built in compatibility to determine if BCrypt was available based on a php version check of the Joomla installation's server. The version check is used to determine exactly what the Strong Passwords feature would enable, BCrypt or the next best available password hashing encryption available.
Disabling 'Strong Passwords'[edit]
- Log in to the Administrator.
- In the top menu, select Extensions → Plugin Manager.
- In the "- Select Type -" filter in the left-hand column, choose "user".
- In the list of user plugins click on the plugin called "User - Joomla".
- Change the "Strong Passwords" setting to "No".
- Click the "Save and Close" toolbar button.
Your site will now no longer use enhanced passwords.