Password Control

As release Joomla only provides some rudimentary control of user's passwords.  The basic Joomla authentication of the user's password is whether the two entries match.  If they match the user can continue.  What is required is control over the specification of the password itself?  Must it contain upper and lower case letters?  Should it also contain numbers and/or special characters' such as underscore (_), hash (#) etc?  Also how many of each should it contain?  Should there be checks upon real words?  Password Control tries to address some of these questions.

Currently some capability is provided by a system plug-in.  The plugin addresses a few of the more pressing issues:

1.  Forcing the user to change their password on initial logon

2. Forcing the users to periodically change  their passwords every 'n' days, where 'n' is an administrator defined variable, typically set to 30 days.

3. Ability to optionally block users.

4. Ability to store up to 999 previous passwords for a user.

5. Supports Joomla update functionality.

More details can be found in the Password Control System Plug-in Documentation

An additional optional capability is provided by the Password Control User Profile Plug-in.  This is described in the documentation, but permits the site user to see details of their most recent password change and the next scheduled password change.  It also allows the site administrator to view this information and edit the next password change date if required.