This documentation page does not apply to our software versions for Joomla! 4.0 and later versions. If you are not using Joomla 3 please consult the documentation index to find and read the correct version of the documentation.
THIS IS NOT A SECURITY FEATURE. THE MASTER PASSWORD IS STORED UNENCRYPTED IN THE SITE'S DATABASE. We consider this feature as a simple way for you to prevent your clients from modifying configuration parameters that could break their own site. THIS FEATURE IS NOT DESIGNED TO PREVENT A MALICIOUS AND/OR KNOWLEDGABLE PERSON FROM ACCESSING ADMIN TOOLS.
Sometimes you are not the sole administrator of a website, for example when there is a large administrative team or when you build the website for a client. In such cases you do not need everyone with back-end access to be able to modify Admin Tool's settings. Instead of giving you the traditional "all or nothing" access control imposed by Joomla! user groups, Admin Tools allows you to control access to any or all of its features using a "master password". The idea is that before any user is able to use one of the protected features, he has to supply the "master password" in Admin Tools' control panel page.
The Master Password page
When you click on thebutton in the Control Panel you get to the Master Password page where you can set both the password and select which features to protect.
The top area of the page allows you to set a Master Password. If you want to disable password protections, simply leave it blank.
The bottom area of the page lets you select which features will be protected. Set the radio button next to each feature you want to protect to "Yes" before clicking on thebutton. Features marked as "No" will be accessible by all back-end users (Managers, Administrators and Super Administrators). Featured marked with "Yes" will only be available to users who enter a valid password in the Control Panel page. This means that even Super Administrators will not be able to access the protected features without supplying a valid password.
If you want to quickly protect all features, click on thebutton above the list. Conversely, clicking on the button will disable Master Password protection on all features.
The only way to find out your password is to directly read it from
the database. Use your host's database management tool —usually it's
phpMyAdmin— to list the contents of your site's jos_admintools_storage
jos_ is your site's prefix).
Find the only record in the table (the
value is "cparams") and take a peek at the contents of the
value column. It contains a long text. At
some point you will see something like
mypassword part is your master