Arjen Schrijvers
unread,Jul 20, 2017, 5:38:48 AM7/20/17Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Joomla! CMS Development
Today I was checking the default values of the USers: Options settings.
1. By default, the option Send Password is on in User Options. This means that a password is sent in the same email as the username.
From a securety point of view, this is not secure. Isn't it better to set Send Password by default on No
2. In the Password Options, I see that by default the minimum count of characters is 4.
From a security point of view, this is far too less. A minimum of 8 must be at least.
3.If I want to change the password of a Superuser, I get the message that it is not possible to change the password of a Super User. I understand the reason for it, but from the security point of view, we give too much info. Better is to treat it like a normal user. But the email will not be sent. Of course, we need to tell people that the link has been sent if they don't receive it check the spam folder or contact the owner of the site (Service Desk).
What do you all think of these suggestions?