Password Options

The customer password options determine the level of security that is used for password reset requests, the email templates that are used for customer notification, and the lifetime of the password recovery link. You can allow customers to change their own passwords or require that only store administrators can do so

Configure customer password options

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left panel, expand Customers and choose Customer Configuration.

  3. Expand Expansion selector the Password Options section.

    Password Options

  4. Set the Password Reset Protection Type to the method you want to use for managing password reset requests:

    By IP and Email The password can be reset online after a response is received from a reset notification sent to the email address associated with the Customer account.
    By IP The password can be reset online without additional confirmation.
    By Email The password can be reset only by responding to an email notification that is sent to the email address associated with the Customer account.
    None The password can be reset only by the store administrator.
  5. To limit the number of password reset requests sent per hour, do the following:

    • For Max Number of Password Reset Requests, enter the maximum number of password reset requests that can be sent per hour.

    • For Min Time Between Password Reset Requests, enter the minimum number of minutes that must elapse between requests.

  6. To configure the password reset email notification, do the following:

    • Set Forgot Email Template to the template that is used for the email sent to customers who have forgotten their passwords.

    • Set Remind Email Template to the template that is used when a password hint is sent to customers.

    • Set Reset Password Template to the template that is used when customers change their passwords.

    • Set Password Template Email Sender to the store contact that appears as the sender of password-related notifications.

  7. Complete the following password reset security options:

    • For Recovery Link Expiration Period (hours), enter the number of hours before the password recovery link expires.

    • For Number of Required Character Classes, enter the number of different character types that must be included in a password based on the following character classes:

      • Lowercase
      • Uppercase
      • Numeric
      • Special Characters
    • For Maximum Login¬†Failures to Lockout Account, enter the number of failed login attempts until the Customer account is locked. For unlimited attempts, enter zero (0).

    • For Minimum Password Length, enter the minimum number of characters that can be used in a password. The number must be greater than zero.

    • For Lockout Time (minutes), enter the number of minutes an Customer account is locked after too many failed attempts to log in.

  8. When complete, click Save Config.