Top of Page
Top of page

Log Bad Passwords

logbadpasswordsiconCapture the bad passwords your users type.

One day, while trying to remember which password I used to log into my Google account, it occurred to me that Google could easily track bad passwords and associate them to a particular user.  With this information, along with the rest of what Google knows about us, they could easily gain access to other accounts and services.
So, I wrote this pair of plugins to provide this capability to Joomla administrators.  Because this plugin only stores bad passwords, storing clear text passwords isn't exactly a security risk because they're known bad.  When a user changes his or her password to one that is already in the stored list, that password is cleared from the list.
The list appears on the user edit screen in administrator and nowhere else.  Administrators also have the option of clearing the list for individual users.  Additionally, the plugin can be configured to store bad passwords for the frontend, the backend and to exclude specific groups from bad password storage.
Use is easy.
  1. Install the package.
  2. Enable both plugins.
  3. Configure the User - Log Bad Passwords plugin to set where it should run, and what group restrictions should be enabled.
This package was an experiment, to determine if it could be safely built.  I wouldn't suggest running it on public sites because it may expose the passwords your users use on other sites.

RicheyWeb Joomla extensions are free! Additionally, they contain no advertisements or links back to If you feel that I have blessed you, then you can bless me. Click to make a donation to fund future development.

RicheyWeb Extensions have been downloaded 596,591 times.
118 individuals and companies have made donations supporting future development.
Thank you Andre Podszus!