New security features in Joomla 3.2 stop hackers

Joomla Becomes More Unfriendly

Yeah, you read the title right and there is no typo in there. But, to be clear, Joomla just became more unfriendly…to hackers. Got you there!  Ha, ha...right?

Joomla has just added another security feature to its arsenal. With this new feature, Joomla-powered websites grudgingly give hackers a maximum of 30 seconds to hack a site. Take note, that is the MAXIMUM. How can a hacker do it within 30 seconds? It's virtually impossible! Depending on the timing, a seemingly lucky hacker might get less than a second to do it.

This new security feature really makes Joomla sites 99.99% secure. Why not 100%? We talk about real technical stuff here, and there is no such thing as 100% secure. Nevertheless, this feature makes Joomla a CMS of choice when it comes to security and cost. The recently added feature is known as Two-Factor Authentication, and it uses Google Authenticator. If these are unfamiliar to you, we discuss them right here.

Google Authenticator

Google Authenticator is a mobile app that generates a 6-character security key that expires every 30 seconds. So now you have a better picture of where the maximum of 30 seconds that hackers must beat comes from. The app was initially intended for authenticating log-ins to different Google services, and eventually some versions of the software became open source. The 30-second time frame is fixed. For example, if the password generated at 01:00:01 (hh:mm:ss) is 123456, it will be valid until 01:00:30. At exactly 01:00:31, the 123456 key will become invalid because Google Authenticator has just created a new random security key. Let's say a very skillful hacker got your 6-character security key at around 01:00:29. That gives him only 1 second to intrude, because the key will be invalid after 1 second. Does it sound brilliant? For me, it's a big YES.

Two-Factor Authentication

The name comes from the concept that two sets of credentials are needed before an admin/user is allowed to log in. The first set is the usual username and password tandem. The other is the 6-character secret code (as the Joomla developers named it) generated by Google Authenticator. In order to log in, one must enter the correct set of credentials AND do so at the right time. When we say at the right time, we mean before the fixed 30-second window expires. Otherwise, one will need a new secret code in order to log in.
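How the 30-second code described in the two sections above can be computed and checked, as an added example in Python following the public TOTP standard (RFC 6238); it is not Joomla's or Google's code. The function names, the sample secret (the RFC's published test key) and the timestamps are constructed for illustration, and the replay check in `verify` goes slightly beyond the text: it refuses a code that has already been used, even inside its own window.

```python
import base64, hashlib, hmac, struct

STEP = 30      # seconds each code stays valid
DIGITS = 6     # length of the code shown by the app

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 code for the time step containing unix_time (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step             # same value for a whole step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def seconds_left(unix_time, step=STEP):
    """How long the code generated at unix_time remains the current one."""
    return step - int(unix_time) % step

def verify(secret_b32, submitted, unix_time, last_used_step=-1, step=STEP):
    """Return (ok, step_used). A step that already logged someone in is
    refused, so a captured code cannot be replayed within its window."""
    current = int(unix_time) // step
    if current <= last_used_step:
        return False, last_used_step
    expected = totp(secret_b32, unix_time, step)
    if hmac.compare_digest(expected, str(submitted)):   # constant-time compare
        return True, current
    return False, last_used_step

# Constructed sample: the RFC 6238 test key, base32-encoded as an app stores it.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    t = 1111111109                               # constructed timestamp
    code = totp(SAMPLE_SECRET, t)
    print(code, "valid for", seconds_left(t), "more second(s)")
    ok, used = verify(SAMPLE_SECRET, code, t)
    print("first login:", ok)
    print("replay in same window:", verify(SAMPLE_SECRET, code, t, used)[0])
    print("same code two seconds later:", verify(SAMPLE_SECRET, code, t + 2)[0])
```

This sketch accepts only the current time step; a server that also tolerates clock drift would check neighbouring steps as well.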

Truly, it might backfire or cause inconvenience to legitimate/authorized users. But if you really value security, you'll surely take this positively. If it annoys you more than it pleases you, nothing is preventing you from turning the feature off. By default, it is off, and you need to, sort of, install it before it activates. In the process of installing it, you will be provided with relevant info about this new security feature.

Hooray! This new security feature is really something that any Joomla fanatic should celebrate. Indeed, having this feature activated on your Joomla site(s), plus a highly secure Joomla Web Hosting Provider, will simply tell hackers to “try and try until you die!”
