One of our members contacted us today and asked about web site security. They asked whether it was a good idea for Joomla to send passwords by email.
Our answer was "No!". You really should stop Joomla from sending passwords inside emails.
The image below shows a typical Joomla registration email, with the username and password included.
Here's why sending passwords by email is not recommended:
- The email is often stored on several systems along the way to your mailbox.
- The email is often stored on your computer in plain text or another unencrypted format.
- Even encrypted email can be broken into, given enough computing time.
- Your account's security may have been compromised even before you read your email (changing the password will not help in this case)
So, here's how to disable the sending of passwords by email:
- Go to Extensions > Manage.
- Search for "User - Joomla!"
- Make sure that "Notification Mail to User" is set to "No".
- Save the plugin settings and you'll be done.
If you are still getting passwords sent, it's possible that another extension is controlling the process. Check for user registration extensions such as Community Builder or JomSocial.
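To confirm the setting across several sites without clicking through each admin panel, the added example below (not from the original article or the Joomla project) audits rows exported from the site's extensions table. It assumes the usual `#__extensions` column names and that the "Notification Mail to User" option is stored under the `mail_to_user` key of the plugin's JSON params; the sample rows are constructed and `plg_user_example_registration` is a hypothetical third-party plugin.

```python
import json

# Constructed sample rows shaped like Joomla's #__extensions table
# (assumed columns: name, type, folder, element, enabled, params).
SAMPLE_ROWS = [
    {"name": "plg_user_joomla", "type": "plugin", "folder": "user",
     "element": "joomla", "enabled": 1,
     "params": '{"autoregister":"1","mail_to_user":"1","forceLogout":"1"}'},
    {"name": "plg_user_profile", "type": "plugin", "folder": "user",
     "element": "profile", "enabled": 0, "params": "{}"},
    # Hypothetical third-party registration plugin, for illustration only.
    {"name": "plg_user_example_registration", "type": "plugin", "folder": "user",
     "element": "example_registration", "enabled": 1, "params": "{}"},
]


def mail_to_user_enabled(params_json):
    """True unless the params explicitly set mail_to_user to 0.

    Assumption: a missing, empty or unparsable value is treated as enabled,
    so the audit fails closed instead of reporting a false "all clear".
    """
    try:
        params = json.loads(params_json or "{}")
    except ValueError:
        return True
    if not isinstance(params, dict):
        return True
    return str(params.get("mail_to_user", "1")).strip() != "0"


def audit(rows):
    """Return a list of findings for the user-plugin group."""
    findings = []
    user_plugins = [r for r in rows
                    if r["type"] == "plugin" and r["folder"] == "user"]
    core = [r for r in user_plugins if r["element"] == "joomla"]
    if not core:
        findings.append("User - Joomla! plugin row not found")
    for r in core:
        if int(r["enabled"]) and mail_to_user_enabled(r["params"]):
            findings.append('User - Joomla!: "Notification Mail to User" is not "No"')
    # Other enabled user plugins may send their own registration mail.
    for r in user_plugins:
        if r["element"] != "joomla" and int(r["enabled"]):
            findings.append("Review other enabled user plugin: " + r["name"])
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

An empty result means the core plugin is set to "No" and no other enabled user plugin needs review.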