Magento 1.9 Security – Disable Asking for Current Admin Password When Changing Password

magento-1.9magento-communitypasswordSecurity

Changing a password for the admins or a customer requires the "current admin password."

That will require every admin to set memorable passwords, that have possibly been used in other sites, as opposed to using the corporate password manager, which does work with the login screen, but not in the random other backend screens through magento.

Update: It appears to be a bug with the form field, as Github currently features a password entry form when adding a new public key. In that form no username is required, but chrome allows you to choose a password to use. As such, eliminating the password reuse problem present in Magento.

Best Answer

As of at least 1.9.2.x there is a setting Under "Configuration > Customers > Customer Configuration > Password Options" named "Require admin user to change user password"

Flipping it to no does exactly what you'd expect, it removes the "Admin password" requirement when changing the password of customer accounts. This is presumably to allow for stronger admin passwords using a password manager.

That setting will not work on the passwords of backend users, only customers. That's probably all that most of us need.

Related Solutions

Magento 2 – How to Remove Unsecure Content from Modals Wrapper

It does come from vendor\magento\module-customer\view\frontend\web\template\authentication-popup.html. Since this is a knockout.js template file, you will have to delete your static content and then re-deploy (if you are in production mode) in order for changes to come through (clearing browser cache is also necessary sometimes). Instead of editing the file directly, you should copy it to your theme in here: app/design/frontend/{Vendor}/{Theme}/Magento_Customer/web/template/authentication-popup.html in order to override it from your theme.

To delete the static content, run rm -rf pub/static/* var/view_preprocessed/* from magento root directory. In production mode you then run the static content deployment command.

As far as I can tell, this modal is used if 'guest checkout' is disabled and a customer who is not logged in clicks on 'Proceed to Checkout' button in minicart or cart page. If guest checkout is enabled for your store, then you can remove it completely by disabling the layout block. To do this, create the file app/design/frontend/{Vendor}/{Theme}/Magento_Customer/layout/default.xml with this contents:

<?xml version="1.0"?>

<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
    <body>
        <referenceBlock name="authentication-popup" remove="true"/>
    </body>
</page>

You must flush the cache after adding this file.

Magento 2 – Forgot Admin Password for Admin Panel

Follow this: https://www.siteground.com/kb/how_to_reset_admin_password_in_magento/

UPDATE admin_user SET password = CONCAT(SHA2('xxxxxxxxNewPassword', 256), ':xxxxxxxx:1') WHERE username = 'ADMINUSERNAME';

Or you can follow this to create new admin user and when you logged in you can edit the old account How to reset lost admin password in Magento 2?

Best Answer

Related Solutions

Magento 2 – How to Remove Unsecure Content from Modals Wrapper

Magento 2 – Forgot Admin Password for Admin Panel

Related Topic