How to disable the Strong Passwords feature

From Joomla! Documentation

Revision as of 15:30, 9 December 2013 by Tom Hutchison (Talk | contribs)

Documentation all together tranparent small.png
Under Construction

This article or section is in the process of an expansion or major restructuring. You are welcome to assist in its construction by editing it as well. If this article or section has not been edited in several days, please remove this template.
This article was last edited by Tom Hutchison (talk| contribs) 15 months ago. (Purge)

With the release of Joomla! 3.2, the CMS introduced a new feature called, Strong Passwords. The intent was to enhance the encryption of password hashing and storage through the use of BCrypt, thus increasing the security of Joomla! 3.2 user accounts. Bcrypt was not available in the early releases of php 5.3, and with the first releases a bug in the algorithm surfaced. This prompted a change in the later php versions to fix it.

The Joomla 3 series required a minimum php version of 5.3+ which unfortunately includes php versions without BCrypt and the buggy first release of BCrypt. The Strong Passwords feature has built in compatibility to determine if BCrypt was available based on a php version check of the Joomla installation's server. The version check is used to determine exactly what the Strong Passwords feature would enable, BCrypt or the next best available password hashing encryption available. Unfortunately, this can lead to access issues under certain circumstances.

Stop hand nuvola.svg.png
Turn off Strong Passwords

This is recommended if you are:

  • Developing a site on a php version > or = 5.3.7 and plan to move it to a production server with a lower php version.
  • Moving a website from a server with php version > or = 5.3.7 to a server with a lower php version.
  • Downgrading your server's php version below 5.3.7.

Disabling 'Strong Passwords'

  1. Log in to the website Administrator view. (e.g.
  2. In the top menu, select Extensions  Plugin Manager.
  3. In the "- Select Type -" filter in the left-hand column, choose "user".
  4. In the list of user plugins click on the plugin called "User - Joomla".
  5. Change the "Strong Passwords" setting to "No".
  6. Click the "Save and Close" toolbar button.

Your site will now no longer use enhanced passwords.