Backend user API

In TYPO3, backend users (BE users) are responsible for managing content, settings, and administration tasks within the backend. They are stored in the be_users database table and authenticated via the Backend user object stored in the global variable $GLOBALS['BE_USER'] (class \TYPO3\CMS\Core\Authentication\BackendUserAuthentication).

Sudo mode (step-up authentication) for password changes

New in version 12.4.32 / 13.4.13

This functionality was introduced in response to security advisory TYPO3-CORE-SA-2025-013 to mitigate password-change risks.

This mechanism prevents unauthorized password changes if an administrator session is hijacked or left unattended.

When an administrator edits their own user account or changes the password of another user via the admin interface, password confirmation (step-up authentication) is required.

Figure: Dialog "Verify with user password" with password prompt, shown on attempting to change a password. Step-up authentication requires the administrator to re-enter their password.