
How to manage passwords in a Magento website?

Managing passwords is an important part of running your Magento store well. The latest versions of Magento, Magento 1.x and Magento 2.x, allow you to manage many admin password settings.

For Magento 1, do as follows to manage the passwords in your store:

  • Go to System > Configuration > Admin
  • Expand the Security section
  • From this section, you can:
      • Set Case Sensitive login for your store
      • Specify a Secret Key added to URLs when logging in to prevent forgery
      • Allow the Magento Backend or Frontend to run in a frame
      • Set Admin routing compatibility mode for extensions

For Magento 2, do as follows:

  • Go to Stores > Configuration > Admin
  • Expand the Security section
  • Magento 2 offers the same options for store owners and provides some new ones like Admin Account Sharing, Password Reset Protection Type, and Recovery Link Expiration Periods.

All of the options above help you have more secure passwords as well as a safer store.

Another important thing to consider is Payment Card Industry (PCI) compliance. There are some requirements that you should take into account when configuring your passwords:

  • Passwords must have a minimum length of seven characters and contain both numeric and alphabetic characters
  • Passwords should be changed every 90 days
  • Passwords, when changed, cannot be the same as one of the four previous passwords
  • First-time passwords for new users, and reset passwords for existing users, are set to a unique value for each user and changed after first use
  • User accounts should be temporarily locked out after not more than six invalid access attempts
  • Once a user account is locked out, it remains locked for a minimum of 30 minutes or until a system administrator resets the account
  • System/session idle timeout features have been set to 15 minutes or less
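
The requirements above can be checked mechanically. The following Python sketch is an added example, not Magento code: it validates a new password against the length, character and four-password history rules, and audits a settings dictionary against the lockout, lifetime and idle-timeout limits. The settings key names and the PBKDF2 storage format are assumptions made for illustration, not Magento configuration paths or Magento's own hashing.

```python
import hashlib
import hmac
import os

# Thresholds copied from the requirement list above.
MIN_LENGTH, HISTORY_DEPTH = 7, 4
MAX_AGE_DAYS, MAX_FAILURES = 90, 6
MIN_LOCKOUT_MIN, MAX_IDLE_MIN = 30, 15


def hash_password(password, salt=None):
    """Return (salt, digest). PBKDF2 here is an assumed storage format."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def password_problems(candidate, history):
    """Check a new password; history is a list of (salt, digest), newest last."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    has_alpha = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if not (has_alpha and has_digit):
        problems.append("needs both letters and digits")
    # Stored hashes are salted, so re-hash the candidate with each old salt.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("matches one of the four previous passwords")
            break
    return problems


def settings_problems(settings):
    """Audit a settings dict; the key names are hypothetical."""
    checks = [
        ("password_lifetime_days", lambda v: 0 < v <= MAX_AGE_DAYS),
        ("max_login_failures", lambda v: 0 < v <= MAX_FAILURES),
        ("lockout_minutes", lambda v: v >= MIN_LOCKOUT_MIN),
        ("session_idle_minutes", lambda v: 0 < v <= MAX_IDLE_MIN),
    ]
    return [key for key, ok in checks if not ok(settings.get(key, 0))]


if __name__ == "__main__":
    store = {"password_lifetime_days": 90, "max_login_failures": 10,
             "lockout_minutes": 30, "session_idle_minutes": 60}  # constructed
    print(settings_problems(store))
```

A missing setting is treated as a failure, so an incomplete configuration is reported and not silently passed.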

That’s the end of managing passwords in a Magento store.

MageHit - No1 Magento Development Company