We all go through situations where our memory gets the best of us and forgetting your Joomla password is just one typical situation. In this case, you are forced to use the forgot your password link provided by the CMS.
You then find situations where that link may not be as effective as originally anticipated in the event when the user has forgotten their passwords.
It gets worse when that person happens to be a client who cannot remember their password and email address. With all honesty, this is probably the most common scenario.
So How Would you Recover a Lost Joomla Password?
As an administrator, you definitely have access to the raw MySQL database where Joomla stores its data. This is the key to you being able to do some Joomla password recovery. This access may either be accessible via phpMyAdmin, the popular MySQL database administration interface or Using another third party Gui client such as SQLYog or MySQL Bench.
The other method is to use the MySQL command-line client. Whichever method you choose, this guide will show you how to pick the best solution.
Using MySQL command-line or raw SQL Queries
Prior to Joomla 3.x passwords were stored in the database in the format $password MD5 hash, colon then random salt which gives you a string 65 characters long. This would look something like this:
So basically to get a string such as the one above you would run the following:
md5(your_password + salt) + “:” + salt
So all you need to do is get into the database and get the password string and copy out the salt section and append it to the password and run it as the input into the md5() function then concatenate that to a colon and finally the hash at the end.
There is also another simpler tick. The internal functions of Joomla allow you to still set a password without the salt. So simply running md5(your_password) will still work.
Now, md5 is not a Cryptographically secure hashing algorithm but it works well in resetting the password which the user can use to log into the admin area and then use the Joomla interface to change it immediately.
You can use the following query to reset your Joomla password using a MySQL command-line client.
UPDATE `jos_users` SET `password` = MD5('new_password') WHERE `jos_users`.`username` = "current_user" ;
“jos_users” would be the actual name of your users’ table. the prefix “jos_” is different depending on the installation.
“new_password” should be replaced with the new password you wish to use.
“current_user” is the affected username that needs the password changed.
If you are using a GUI MySQL client then you can simply open the table, navigate to the respective row then replace the password string with this one:
The string is actually for the password secret.
You can then go in and log into Joomla using your_username and secret as the password.
The above method works for current versions of Joomla as well.
Versions of Joomla above 3.x use Bcrypt as the password hashing algorithm but seeing the above methods will work, we want to keep things simple. The most important thing here is to remember to change the password at the next sign in and let the CMS hash the password using its internal strongest algorithm depending on the Joomla version.
For further reading check out this WordPress guide on how to disable Multiple post revisions.