News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Virtuemart registration ignores Joomla Passwords Policy

Started by jabba, October 21, 2020, 16:02:52 PM

Previous topic - Next topic

jabba

Hello, i've noticed that Virtuemart registration form ignores joomla password policy (users options -> password options -> minumum numbers, digits and so on). Is there a way to force the registration to follow those rules? Or some way to set rules to virtemart too? Thanks
Gianluca Gabella - CEO & Web Developer @ Pixed - www.pixed.it

pinochico

Change VM validation script?

Yes, maybe anybody will develop it, I will be happy too :)
www.minijoomla.org  - new portal for Joomla!, Virtuemart and other extensions
XML Easy Feeder - feeds for FB, GMC,.. from products, categories, orders, users, articles, acymailing subscribers and database table
Virtuemart Email Manager - customs email templates
Import products for Virtuemart - from CSV and XML
Rich Snippets - Google Structured Data
VirtueMart Products Extended - Slider with products, show Others bought, Products by CF ID and others filtering products

jabba

I can take a look at it if anyone can point me to the right direction... where VM validate the password?
Gianluca Gabella - CEO & Web Developer @ Pixed - www.pixed.it

jenkinhill

Password validation has been discussed by the VM devs and is not likely to be included in the core. As the Joomla code used to validate a long password is not very sophisticated if you really want to use something similar then I would suggest a plugin may be developed. I very rarely require registration on a VM site as studies have shown that it can put shoppers off and result in lost sales, but that's up to the store owner.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

AH

Apparently

It appears better to ignore any password policy in VM pages - than use the core Joomla settings - Even though VM actually creates a core Joomla User entry with the password entered in the VM page

The current thinking is that mandating the same password policy as the Joomla configuration will reduce sale conversions.

The vast majority of shops mitigate this by not requiring registration for shoppers. (which is definitely shown to reduce conversion rates)

If you allow Joomla user sign up via a joomla page outside of any VM handling - the users will be required to follow your Joomla configuration (you can see this when you add a user in Joomla administration pages)
Regards
A

Joomla 4.4.5
php 8.1

jabba

Thank you all, i know it reduces conversions but in some cases registration is required (as for downloadable products or when the e-commerce si binded to other services of the website). Using some kind of password policy would be useful to increase account security, and i know that joomla already has one, it would be great just to use it.
I know i can disable registration redirect from VM plugin but in some cases (like user click on "my account") the VM registration form show up, and not the joomla one.

My2cents: use joomla password policy would be a great add to VM core.

Thank you anyway.

EDIT: GDPR does not says anything about password but most legal website says that we must do the best we can as developers to prevent data theft ( https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/passwords-in-online-services/ ). Improve password policy can help users to protect themself (and protect us from annoyng legal questions)
Gianluca Gabella - CEO & Web Developer @ Pixed - www.pixed.it