Hello, i've noticed that Virtuemart registration form ignores joomla password policy (users options -> password options -> minumum numbers, digits and so on). Is there a way to force the registration to follow those rules? Or some way to set rules to virtemart too? Thanks
Change VM validation script?
Yes, maybe anybody will develop it, I will be happy too :)
I can take a look at it if anyone can point me to the right direction... where VM validate the password?
Password validation has been discussed by the VM devs and is not likely to be included in the core. As the Joomla code used to validate a long password is not very sophisticated if you really want to use something similar then I would suggest a plugin may be developed. I very rarely require registration on a VM site as studies have shown that it can put shoppers off and result in lost sales, but that's up to the store owner.
Apparently
It appears better to ignore any password policy in VM pages - than use the core Joomla settings - Even though VM actually creates a core Joomla User entry with the password entered in the VM page
The current thinking is that mandating the same password policy as the Joomla configuration will reduce sale conversions.
The vast majority of shops mitigate this by not requiring registration for shoppers. (which is definitely shown to reduce conversion rates)
If you allow Joomla user sign up via a joomla page outside of any VM handling - the users will be required to follow your Joomla configuration (you can see this when you add a user in Joomla administration pages)
Thank you all, i know it reduces conversions but in some cases registration is required (as for downloadable products or when the e-commerce si binded to other services of the website). Using some kind of password policy would be useful to increase account security, and i know that joomla already has one, it would be great just to use it.
I know i can disable registration redirect from VM plugin but in some cases (like user click on "my account") the VM registration form show up, and not the joomla one.
My2cents: use joomla password policy would be a great add to VM core.
Thank you anyway.
EDIT: GDPR does not says anything about password but most legal website says that we must do the best we can as developers to prevent data theft ( https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/passwords-in-online-services/ ). Improve password policy can help users to protect themself (and protect us from annoyng legal questions)