Author Topic: Virtuemart registration ignores Joomla Passwords Policy  (Read 366 times)

jabba

  • Beginner
  • *
  • Posts: 47
    • Pixed - Web Store Assistance
Virtuemart registration ignores Joomla Passwords Policy
« on: October 21, 2020, 16:02:52 pm »
Hello, i've noticed that Virtuemart registration form ignores joomla password policy (users options -> password options -> minumum numbers, digits and so on). Is there a way to force the registration to follow those rules? Or some way to set rules to virtemart too? Thanks
Gianluca Gabella - CEO & Web Developer @ Pixed - www.pixed.it

pinochico

  • 3rd party VirtueMart Developer
  • Full Member
  • *
  • Posts: 806
    • MiniJoomla
  • Skype Name: support-easysoftware
  • VirtueMart Version: 3
Re: Virtuemart registration ignores Joomla Passwords Policy
« Reply #1 on: October 21, 2020, 18:33:47 pm »
Change VM validation script?

Yes, maybe anybody will develop it, I will be happy too :)
www.minijoomla.org  - new portal for Joomla!, Virtuemart and other extensions
XML Easy Feeder - feeds from products, orders and database table
Virtuemart Email Manager - customs email templates

jabba

  • Beginner
  • *
  • Posts: 47
    • Pixed - Web Store Assistance
Re: Virtuemart registration ignores Joomla Passwords Policy
« Reply #2 on: October 21, 2020, 21:32:42 pm »
I can take a look at it if anyone can point me to the right direction... where VM validate the password?
Gianluca Gabella - CEO & Web Developer @ Pixed - www.pixed.it

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 27942
  • Always on vacation
    • Jenkin Hill Internet
Re: Virtuemart registration ignores Joomla Passwords Policy
« Reply #3 on: October 21, 2020, 22:49:15 pm »
Password validation has been discussed by the VM devs and is not likely to be included in the core. As the Joomla code used to validate a long password is not very sophisticated if you really want to use something similar then I would suggest a plugin may be developed. I very rarely require registration on a VM site as studies have shown that it can put shoppers off and result in lost sales, but that's up to the store owner.
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VirtueMart 3.8.7 10374 on Joomla 3.9.23 PHP 7.4.12

AH

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3296
  • VirtueMart Version: 3.8.4
Re: Virtuemart registration ignores Joomla Passwords Policy
« Reply #4 on: October 22, 2020, 10:31:03 am »
Apparently

It appears better to ignore any password policy in VM pages - than use the core Joomla settings - Even though VM actually creates a core Joomla User entry with the password entered in the VM page

The current thinking is that mandating the same password policy as the Joomla configuration will reduce sale conversions.

The vast majority of shops mitigate this by not requiring registration for shoppers. (which is definitely shown to reduce conversion rates)

If you allow Joomla user sign up via a joomla page outside of any VM handling - the users will be required to follow your Joomla configuration (you can see this when you add a user in Joomla administration pages)
regards
A

Joomla 3.9.22
php 7.3

jabba

  • Beginner
  • *
  • Posts: 47
    • Pixed - Web Store Assistance
Re: Virtuemart registration ignores Joomla Passwords Policy
« Reply #5 on: October 22, 2020, 12:21:15 pm »
Thank you all, i know it reduces conversions but in some cases registration is required (as for downloadable products or when the e-commerce si binded to other services of the website). Using some kind of password policy would be useful to increase account security, and i know that joomla already has one, it would be great just to use it.
I know i can disable registration redirect from VM plugin but in some cases (like user click on "my account") the VM registration form show up, and not the joomla one.

My2cents: use joomla password policy would be a great add to VM core.

Thank you anyway.

EDIT: GDPR does not says anything about password but most legal website says that we must do the best we can as developers to prevent data theft ( https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/passwords-in-online-services/ ). Improve password policy can help users to protect themself (and protect us from annoyng legal questions)
Gianluca Gabella - CEO & Web Developer @ Pixed - www.pixed.it