When you are about to change passwords in other ways that it's intended to do, you should always take in mind that it always is a security risk. You should therefore use extra care when you need to use these steps. These ways work in Joomla 2.5, 3.x, and 4.x. The tutorial is based on Joomla Docs.
To change a user's password from the backend you must have the privilege of "Super Administrator Group". This user should not be used in the daily maintenance of your site. But only be used to maintain the security of the site and do updates which the usual Admin user doesn't have access to.
There are three main ways to change your forgotten password, one of them is to change the admin user in the configuration.php file, the two other ways are to go into MySQL and change it. The best way depends on your knowledge and security issues.
Method 1: Change root user in configuration.php
(This is the easiest and most secure way to reset the password)
To change the root user you will need access to FTP on the server that your sites are hosted. In the main folder, you will find the file, if you eighter download the file or edit it online with your FTP-editor the result will be the same (remember to if needed change the file rights to 644).
Search for public $user and change the user to your own username like this: public $user = '[my_username]';, and upload the file to its location. You can log in with the new admin user and change the original admin user password to something new and set its rights to admin. You may keep the file at 644 until you have logged in and changed the admin user back. And then take the file back to the original file right.
Method 2: Change the admin password in the Database
To change the password in the Database you need access to MySQL eighter by using phpMyAdmin or some other tool that you can log in to your MySQL Database. Locate the [prefix]_users table in your database, and change the password for the admin user (the user admin should NEVER have the name admin).
Joomla uses SALTED MD5 passwords when it's stored in the database, an example of the password "secret" is located below.
secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
It's important that you log in to change this password as soon as possible!!!!!
Method 3: Add a new admin user in the database
The third way to retain access to the backend with a Super Administrator account is simply to create a new user with Super Admin privileges through the Database interface. This is done in the same DB-table as you change the password. Use the MySql Query option below to add the password "secret" to the user "admin2".
INSERT INTO `[prefix]_users`
(`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');
Its important that you change the [prefix] with your own database prefix before running the query.
It's important that you log in to change this password as soon as possible!!!!!
You can find more salted MD5 password in the link below.
Based on an article from Joomla Docs: https://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password