User - Password Policy Plugin extends the password policy as defined by Joomla!. A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.

Maximum password age

The Maximum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 180, or you can specify that passwords never expire by setting the number of days to 0. You can set this option both globally and for each individual user. The plug-in is designed to follow the most restrictive policy.

When the password expires the user will be redirected to the password change page.

Password expiration reminder

If set to Yes, the plug-in alerts users to change their expiring passwords 30, 15, 7, 3, 2, 1 day before it expires.

Minimum password age

The Minimum password age setting determines the period of time (in days) that a password must be used before the user can request to change it. The Minimum password age must be less than the Maximum password age.

If you set a Maximum password age for a user greater than or equal to the Minimum password age, the plug-in uses the value immediately preceding the Maximum password age as the Minimum password age.

Enforce password history

The Enforce password history setting defines the number of new unique passwords that must be associated with a user account before an old password can be reused.


  • Password generator

  • Account lockout after a number of failed sign-in attempts