Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Password Control 0.1.7 released

Password Control system plugin release 0.1.7 for Joomla 3.4 and 3.5.

This update corrects the display of the deprecated constructor method message seen when PHP 7 is used on a site.

The install file is available in the download area.

Password Control 0.1.6 released

Password Control system plugin release 0.1.6 for Joomla 3.4.

This update adds the password checks to the user password reset form used when the user has 'forgotten' their password. It also updates the copyright date to 2016 and changes the 'once date' criteria to be a calendar form field.

The install file is available in the download area.

Pavlovian approach to Password Management.

Engineers at Stanford recently unveiled a new password policy that shuns one-size-fits-all security. This has been followed by a system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. It provides rewards or penalties based on the passcode choices people have made.

The example given is as follows:

A user who picks "test123@#" might be required to change the password in three days under the system, the three-day limit being based upon calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen "t3st123@##$x" (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months.

An interesting concept, and one that would avoid forcing users who have made a sensible password choice to change their passwords because some other, less careful users choose 'easier passwords'.

The full article is here.

Invalid Logging Attempts

We saw a brute force login attack the other day and thought we would share it with our readers. Although we are flattered that anyone thought our site sufficiently important to make the effort, their efforts were in vain as they did not get very far. This particular attack is classed as one of the most common (and least subtle) attacks that can be conducted against Web applications. The sole aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users. It is often carried out by automated tools, readily available on the Internet, that enable the submission of thousands of password attempts in a matter of seconds (or less), with the aim of making it easy for an attacker to beat a password-based authentication system.

Password Control User Profile Plugin

Just in time for Xmas, the first release of the Password Control User Profile Plug-in 0.0.1 is now available in the download area. This optional plug-in works with the Password Control System Plug-in to display information in the user's profile about their last and next scheduled password change. It works with version 0.0.4 and up of the system plug-in.

The user plug-in also provides the site administrator with the ability to change a user's next password change date, subject to the settings specified in the system plug-in parameters. See the documentation for more details.
