After July 2021, the 2.3.x release line will no longer receive quality updates or user guide updates. PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in September 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x to help maintain PCI compliance.

Password Options

The information on this page is intended for Adobe Commerce 2.3 customers who are on an extended support contract. The Adobe Commerce Merchant Documentation for current releases is published on the Adobe Experience League.

The customer password options determine the level of security that is used for password reset requests, the email templates that are used for customer notification, and the lifetime of the password recovery link. You can allow customers to change their own passwords or require that only store administrators can do so.

Configure customer password options

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left panel, expand Customers and choose Customer Configuration.

  3. Expand the Password Options section.

  4. Set Password Reset Protection Type to the method you want to use for checking password reset requests:

    • By IP and Email: Check for previous attempts to reset password for specific email or from specific IP.
    • By IP: Check for previous attempts to reset password from specific IP.
    • By Email: Check for previous attempts to reset password for specific email.
    • None: Protection disabled (no limits for resetting password).

    The limitations for password resets (next step) are calculated based on this configuration.

  5. To limit the number of password reset requests sent per hour, do the following:

    • For Max Number of Password Reset Requests, enter the maximum number of password reset requests that can be sent per hour.

    • For Min Time Between Password Reset Requests, enter the minimum number of minutes that must elapse between requests.

  6. To configure the password reset email notification, do the following:

    • Set Forgot Email Template to the template that is used for the email sent to customers who have forgotten their passwords.

    • Set Remind Email Template to the template that is used when a password hint is sent to customers.

    • Set Reset Password Template to the template that is used when customers change their passwords.

    • Set Password Template Email Sender to the store contact that appears as the sender of password-related notifications.

  7. Complete the following password reset security options:

    • For Recovery Link Expiration Period (hours), enter the number of hours before the password recovery link expires.

    • For Number of Required Character Classes, enter the number of different character types that must be included in a password based on the following character classes:

      • Lowercase
      • Uppercase
      • Numeric
      • Special Characters
    • For Maximum Login Failures to Lockout Account, enter the number of failed login attempts until the customer account is locked. For unlimited attempts, enter zero (0).

    • For Minimum Password Length, enter the minimum number of characters that can be used in a password. The number must be greater than zero.

    • For Lockout Time (minutes), enter the number of minutes a customer account is locked after too many failed attempts to log in.

  8. When complete, click Save Config.
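
The following Python model is an added illustration, not Adobe Commerce code: it shows how the Password Reset Protection Type chosen in step 4 decides which earlier requests count against the two limits from step 5, replayed over constructed traffic. The class and function names, the rule that only accepted requests are recorded, and the sample addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class ResetPolicy:
    protection_type: str   # "ip_and_email", "ip", "email" or "none" (labels assumed)
    max_per_hour: int      # Max Number of Password Reset Requests
    min_gap_minutes: int   # Min Time Between Password Reset Requests
    history: list = field(default_factory=list)  # accepted (ts, ip, email) records

    def _matches(self, rec, ip, email):
        _, r_ip, r_email = rec
        if self.protection_type == "ip":
            return r_ip == ip
        if self.protection_type == "email":
            return r_email == email
        return r_ip == ip or r_email == email  # By IP and Email: either one counts

    def request(self, ts, ip, email):
        """Return 'allow', 'deny:quantity' or 'deny:frequency' for one reset request."""
        email = email.strip().lower()
        if self.protection_type != "none":
            prior = [r for r in self.history if self._matches(r, ip, email)]
            last_hour = [r for r in prior if ts - r[0] < 3600]
            if len(last_hour) >= self.max_per_hour:
                return "deny:quantity"
            if prior and ts - max(r[0] for r in prior) < self.min_gap_minutes * 60:
                return "deny:frequency"
        self.history.append((ts, ip, email))  # assumption: denied requests are not recorded
        return "allow"

def replay(policy, events):
    """Feed (ts, ip, email) events through a policy and collect the decisions."""
    return [policy.request(*e) for e in events]

# Constructed sample traffic: (seconds since start, source IP, target email)
EVENTS = [
    (0,    "203.0.113.5", "alice@example.com"),
    (60,   "203.0.113.5", "bob@example.com"),    # same IP, different account
    (120,  "203.0.113.9", "alice@example.com"),  # different IP, same account
    (700,  "203.0.113.5", "carol@example.com"),
    (1400, "203.0.113.5", "dave@example.com"),
    (4000, "203.0.113.5", "alice@example.com"),
]

if __name__ == "__main__":
    for kind in ("ip_and_email", "ip", "email", "none"):
        print(f"{kind:13}", replay(ResetPolicy(kind, 2, 10), EVENTS))
```

With a limit of 2 requests per hour and 10 minutes between requests, only By IP and Email throttles both the repeated source address and the repeated target account; By IP and By Email each leave one of those dimensions uncounted.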