In Magento 2, when you request to reset password, there will be a email sent to you for your notification including the lifetime of the password recovery link. It requires your new password have to meets the compulsory level of security. And you know, all of them, email template, lifetime of the password revovery link and, level of security are able to configure in customer password options from the backend. Moreover, admin can give customers permission to change their own password or set to only store owners can do so.
To Configure Customer Password Options
- Open the Admin homepage, then choose Stores on the sidebar. Next, under Settings, tap Configuration.
- In the board on the left, choose Customer Configuration under Customers. Next, expend the Password Options sector.
- Password Reset Protection Type field offers you 4 methods of managing password reset requests:
- By IP and Email: The password can be reset online after receiving response about reset notification from Admin account.
- By IP: The password can be rest online without any confirmation.
- By Email: The password only can be reset after responding to an email notification sent form Admin account.
- None: Only the admin can reset the password.
- In order to limit the number of reset password times per hour, do the following:
a. In Max Number of Password Reset Requests field, set the maximum number of password reset requests which is allowed to be sent per hour.
b. In Min Time Between Password Reset Requests field, set the minimum number of minutes which must transpire between requests.
- In order to configure the password reset email notification, do the following:
a. In Forgot Email Template, choose template used for the email sent to customers who have forgotten their passwords.
b. In Remind Email Template field, choose the template which is used when a password hint is sent to customers.
c. In Reset Password Template fieldchoose template used when customeres change their passwords.
d. In Password Template Email Sender field, set the store contact which appears as the sender of password-related notifications.
- To complete the password reset security options left
a. In Recovery Link Expiration Period (hours) field, set the number of hours for valid recovery link.
b. In Number of Required Charater Classes filed, set the number of differnet character types required for a password based on 4 character classes: Lowercase, Uppercase, Numeric, Special Characters.
c. In Maximum Login Failures to Lockout Account field, leave the number of failed login attempts until the Admin account is looked. If you want unlimited attempts, leave zero.
d. In Minimum Password Length field, leave the minimum number of characters which can be used in a password.
e. In Lockout Time (minutes) field, leave the number of minutes an Admin account is locked caused of too many failed attempts to log in.
- Tap Save Config to finish.
We have presented a way to Configure Customer Password Options in Magento 2. We hope that this article can show you useful information to select the appropriate extension for your online shop. If you find it helpful for you, please Like, Share and Subscribe to keep updating for our next blogs!