Is your Joomla password secure?
I bet you are amongst the majority of internet users who use one password for everything.
A password is only as strong as the weakest link and if you use the same password on multiple sites it is only as strong as the security on the weakest site.
And if you recently had an account at typo3.org, you just found the weakest site, as their site was compromised over the weekend.
It doesn't matter how strong the password is (of course it should consist of mixed-case alphanumeric characters and not be based on a dictionary word): if a site's user table is compromised, your password is compromised too.
And not just your password: many sites also store your email address, street address and/or date of birth! So if you use the same password on multiple sites, which probably means you use the same username as well, one weak site can provide a hacker with access to all your sites and a myriad of information.
But how can a hacker find out which other sites I use?
Some obvious social engineering would show that if you had registered at a Joomla extension website you would probably have also registered at other Joomla-related websites. And if you used the same username, then some simple Google power searches will give a list of other sites as well.
OK, so do I really expect everyone to use unique, and strong, passwords on every site that requires a password? Yes!!!
It's really not hard if you use the right tools. Personally I use KeePass to generate and store all my passwords. They are all ridiculously long and complex and despite my legendary memory for obscure facts and figures I could never hope to remember them all.
But I don't need to as KeePass does it all for me. It lives on a USB key so I always have my passwords with me and just because I'm paranoid the USB key itself requires my fingerprint before it can be accessed.
If all of this sounds like a lot of hassle then it is nothing compared to the hassle, aggravation and time currently facing everyone who has ever registered for an account at typo3.org:
"As far as we could find out, an admin password was stolen and used to find out more passwords on typo3.org."
"We highly recommend to change your password on all websites where you use the same or a similar password."
Don't be a lazy fool today, switch to using strong unique passwords using KeePass, and protect your identity for tomorrow.
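To make the reuse argument and the "same or a similar password" advice concrete, here is an added example (not part of the original post) that audits a list of your own accounts and reports which ones are exposed when one site is breached. The entries are constructed sample data, and treating "similar" as the same letters with different case, digits or punctuation is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample entries (site, username, password); not real accounts.
ENTRIES = [
    ("typo3.org", "jdoe", "Summer2012!"),
    ("joomla-extensions.example", "jdoe", "summer2012"),
    ("forum.example", "jdoe", "Summer2013!!"),
    ("bank.example", "j.doe", "k9$Vq2!xWz7RmLp4"),
    ("shop.example", "jdoe", "Summer2012!"),
]

def skeleton(password):
    """Reduce a password to its letters so close variants compare equal.

    Assumption: 'similar' means the same word with different case, digits
    or punctuation, the usual tweaks people make when reusing a password.
    """
    return re.sub(r"[^a-z]", "", password.lower())

def exposed_by_breach(entries, breached_site):
    """Return {site: 'same' | 'similar'} for accounts at risk if breached_site leaks."""
    leaked = [pw for site, _, pw in entries if site == breached_site]
    at_risk = {}
    for site, _, pw in entries:
        if site == breached_site:
            continue
        for leaked_pw in leaked:
            if pw == leaked_pw:
                at_risk[site] = "same"  # exact reuse outranks 'similar'
            elif skeleton(pw) and skeleton(pw) == skeleton(leaked_pw):
                at_risk.setdefault(site, "similar")
    return at_risk

def reuse_groups(entries):
    """Group sites whose passwords share a skeleton; groups of 2+ are reuse."""
    groups = defaultdict(list)
    for site, _, pw in entries:
        # Passwords with no letters fall back to the full string as the key.
        groups[skeleton(pw) or pw].append(site)
    return [sorted(sites) for sites in groups.values() if len(sites) > 1]

if __name__ == "__main__":
    for site, kind in sorted(exposed_by_breach(ENTRIES, "typo3.org").items()):
        print(f"{site}: {kind} password as the breached account")
    print("reuse groups:", reuse_groups(ENTRIES))
```

Only the account with the randomly generated password stays out of the report; every other entry needs a new, unique password.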
Joomla 1.5 ACL explained
Despite claims to the contrary, Joomla 1.5 does have an ACL system. It may be rudimentary, but when fully understood it can be very useful.
To help you I've created a simple table with an overview of who can do what.
NOTE to the accessibility mafia - yes, it's a table. This is an example of the correct use of a table as it is presenting tabular data. In addition, the table has been created with header and id attributes to aid screen readers.
Front-end groups: Un-registered, Registered, Author, Editor, Publisher. Back-end groups: Manager, Administrator, Super-Administrator.
| Action | Un-registered | Registered | Author | Editor | Publisher | Manager | Administrator | Super-Administrator |
|---|---|---|---|---|---|---|---|---|
| View "public" content | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| View "registered" content | - | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| View "special" content | - | - | Yes | Yes | Yes | Yes | Yes | Yes |
| Create new content | - | - | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit own content | - | - | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit all content | - | - | - | Yes | Yes | Yes | Yes | Yes |
| Publish new content | - | - | - | - | Yes | Yes | Yes | Yes |
| Access the Administrator page | - | - | - | - | - | Yes | Yes | Yes |
| Create new users | - | - | - | - | - | - | Yes | Yes |
| Install extensions | - | - | - | - | - | - | Yes | Yes |
| Change the template | - | - | - | - | - | - | - | Yes |
| Change site settings | - | - | - | - | - | - | - | Yes |
This chart is also available in Italian at www.joomla.it