Resetting Passwords

Customers usually reset their passwords from the storefront by clicking the “Forgot Your Password?” link. However, the store administrator can initiate either a password reset or a forced sign-in from the Admin.

Reset Password A password reset email is sent directly to the customer’s email account. At no time does the store administrator gain access to the customer’s password.
Force Sign In Revokes the OAuth access tokens that are associated with the customer account. This can be used only with customer accounts that have been assigned OAuth tokens, as part of a Web API integration. To learn more, see OAuth-based authentication in the Magento DevDocs.

Note: Standard customer accounts created from the storefront or from the Admin do not have OAuth tokens.

To reset a password from the storefront:

  1. On the Login page, click Forgot Your Password?.

  2. When prompted, enter the Email Address that is associated with your account and click Reset My Password.

    Forgot Your Password

    If the email address you entered matches the one that is associated with the account, you will receive a “Password Reset Confirmation” email with a link to reset your password.

  3. When the email arrives, click the reset password link and enter your New Password when prompted.

  4. Enter it again to confirm and click Reset Password.

    Your new password must be six or more characters in length without spaces.

    When you receive confirmation that the password is updated, you can use the new password to sign in to your account.

To reset a password from the Admin:

  1. On the Admin sidebar, go to Customers > All Customers.

  2. Find the customer account in the grid and click Edit in the Action column.

  3. In the set of options across the top of the page, click Reset Password.

    The number of password reset requests that are allowed within an hour is set in the configuration.

To revoke a customer’s OAuth tokens:

Do not proceed unless you are a developer familiar with API Authentication.

  1. On the Admin sidebar, go to Customers > All Customers.

  2. Find the customer account in the grid and click Edit in the Action column.

  3. In the set of options across the top of the page, click Force Sign In.

  4. When prompted to confirm, click OK.