Setting up new access credentials for the Magento admin panel

You are supposed to care deeply about the security and protection in your store. Thus, being an end user of Magento 2 with administrator level access, the importance of the secure password cannot be diminished. The dependable passphrase can prevent unapproved admittance to the managing board of the store and your magento extensions.

Muddled and unexpected passwords are probably the ideal way to improve the security of authorized access for any user registered in a system. In particular, the registered user with the highest level of administrator access to the store backend. Nonetheless, such solid passwords are difficult to remember, and failure to remember such passwords can eventually lead to losing access to the account.

The simplest but most powerful security advice you can get from the security experts is to use unique passwords that are hard to guess or brute force. But even such a password can be stolen through a vulnerability or software leak. It is recommended that you change your password routinely to prevent malicious access at this stage.

Resetting a password for the account with the admin access level should be done regularly.

The password can be updated in several ways that Magento 2 supports.

Updating a password using the reset function

The easiest and most widely accepted method of getting a new password on an account is simply to reset it as if the user had lost or forgotten it. Use this method if the email connected to the admin account is still accessible.

In the browser, open the store admin page to login, but instead of providing credentials, click the option to reset the forgotten password.

Enter your admin email address if necessary, successfully solve the CAPTCHA puzzle, and make the password reset request.

Open a new tab in a browser to navigate to the email account used for the Magento admin. Find an email with a link to reset the current password.

Paste this reset password link into the browser's address bar and enter the new password when asked. Click the Reset Password button to finish.

Log in to your Magento store admin account as usual, using a new password.

Users of the Adobe cloud Magento installation should activate the option to make outgoing emails before requesting a password reset. Activate it in the project web interface:

  • In browser, open the page of the project and specify which software environment is required to update;
  • Click the Configure environment button, and navigate to the Variables tab;
  • Activate the option of Outgoing emails, if it is disabled;
  • Wait for the environment to rebuild and deploy with the new settings.

Modifying the password through PHPMyAdmin

As an alternative, a password can be changed directly in the database used by the store. Issue an SQL query to the admin_user table to change the data of a particular user.

This rather straightforward process requires access to PHPMyAdmin. Login to this tool and navigate to the data set containing the information Magento uses to store credentials.

Select the SQL command and insert the query: UPDATE admin_user SET password = SHA2('$PASSWORD', 256) WHERE username='$USERNAME';

Here $USERNAME is the user name for which the password is reset, $PASSWORD must be replaced by the new passphrase.

Click the Go button to exchange current data with the database and write a new password.

Resetting the password with a new admin account using the Magento CLI

There is no option to reset the password in the list of commands Magento provides in the CLI. However, you can resort to a trick to achieve the desired result.

Create a new admin user via CLI in the Magento root folder:

php bin/magento admin:user:create --admin-user new_user_name --admin-password new_user_password --admin-email [email protected] --admin-firstname firstname --admin-lastname lastname

Replace the new_user_name and new_user_password with the name and password for the new user with the admin access level. In addition, provide information such as email, first name, and last name for the new user.

When the initial process of configuring a new administrator account is complete, log in and use the Magento interface to reset the password for any other account.

Resetting the password from the Magento admin backend

A password for the account can be reset directly from the Magento admin panel. Navigate to System > Permissions > All Users.

From the list of all registered users in the system, choose the desired one and click on his/her record. A new page opens with options for resetting the password. Specify a new password and save the updated data.

The updated password must be at least 7 characters long and include numeric and alphabetic characters.

Update your passwords regularly and keep them in a safe place.