According to Joomla official website, Joomla 2.5 will reach its end of life on Dec 31, 2014, that means all Joomla 2.5 websites will not receive any updates including security updates. If your website still runs Joomla 2.5, make sure that you upgrade it as soon as possible. If you are planning to start a new Joomla site, make sure that you choose Joomla 3 to avoid unnecessary upgrade later.
You should be careful when choosing a 3rd extensions to install into your Joomla site, avoid all Joomla 2.5 compatible only extensions: there is no point to choose them, we’ve seen a lot of users who stuck with Joomla 2.5 because of some 3rd extension developers do not upgrade their extensions for Joomla 3.
Below is a nice tutorial which cover the process of upgrading from Joomla 2.5 to Joomla 3:
One of the most exciting new features in the upcoming Joomla 3.2 is two factor authentication, when enabled this feature, beside the username you will be required to enter your password + a time based secret key (this key is changed every 30 seconds), that is the reason why it is called “two factor”. This feature enhances your website’s security because a single password is considered not security enough nowadays.
So how to get started with this feature?
First, let’s install Joomla 3.2 (at this moment it is in alpha stage), the download link is:
After install Joomla 3.2 alpha, go to Joomla back end log in page and you can see a new secret key field right below username and password fields. At this moment, this new field will not do anything, just leave it empty and log in with your username and password.
After logged in, go straight to menu Users – Users Manager and click on your username to edit, you will see a new tab named “Two Factor Authentication” which is where we configure the secret key, it is disabled by default and we need to select to begin configuring it. This tab contains setup information which is very clear and easy to follow, I used my Android phone (with Google Authenticator installed) to scan the existing barcode and done! The Google Authenticator app will show you a random key which will be changed after 30 seconds. You will need to enter that random key back to verify it (Hints: use the Google Authenticator’s time correction for codes feature to sync your phone time with the server if your random key can not be verified).
Now you can log out and try to log in again to see how it actually works for you.