Magento’s backend/admin password expires in 90 days by default. So, in every 90 days, when you login to admin, you will be asked to change your admin user’s password.
This is a useful security feature in production/live site. However, this can be annoying to have in a development/testing site.
This article shows on how you can disable the password expiration and disable the force password change feature in Magento 2.
There are two ways to disable the password expiration feature:
- From Magento admin
- From CLI commands
1. Disable Password Expiration / Password Change from Magento Admin
Completely Disable Password Expiration & Forced Password Change Feature
- Login to Magento admin
- Go to
Stores > Configuration > Advanced > Admin
- Empty field
Password Lifetime(days)
- Save Config
Keep Password Change as Recommended
If you only want Magento to recommend to change password and would like to disable the forced password change feature then:
- Login to Magento admin
- Go to
Stores > Configuration > Advanced > Admin
- Keep
Password Lifetime(days)
value as is. Default 90. - Set
Password Change
toRecommended
- Save Config
This will show a notice to change your admin password if your last admin user’s password change has been before 90 days. But, Magento will not force you to change your admin password.
2. Disable Password Expiration / Password Change from CLI Command
Completely Disable Password Expiration & Forced Password Change Feature
bin/magento config:set admin/security/password_lifetime 0
Keep Password Change as Recommended
If you only want Magento to recommend changing password and would like to disable the forced password change feature then:
- Do not do any changes in the password lifetime (days). Its default value is 90.
- If you like to adjust the password lifetime, you can do so with the following command. The following sets the password lifetime to 100 days.
bin/magento config:set admin/security/password_lifetime 100
- Change Password Change to Recommended
This will show a notice to change your admin password if your last admin user’s password change has been before 90 days. But, Magento will not force you to change your admin password.
bin/magento config:set admin/security/password_is_forced 0
Here, 0 = recommended, and 1 = forced
Hope this helps. Thanks.