Magento stuck on " It's time to change your password."
Asked Answered
O

7

12

I didn't use Magento 2.0.2.0 CE for about 1 month. After that I logged in to admin after, opened my account/Account information page, the title “It's time to change your password.” was shown. When I tried to open my products (or settings page), the similar page “It's time to change your password.” was shown

I changed my password and pressed “Save Account”. And nothing changed, I still see “It's time to change your password.”, all menu items lead to this page “It's time to change your password.”

enter image description here

Otherdirected answered 3/8, 2016 at 12:11 Comment(2)
Have you tried to clear browser cache?Dowlen
yes, but it doesn't helpOtherdirected
O
4

1) Run this SQL script in your store db: UPDATE admin_passwords SET expires = <<some future timestamp>> WHERE user_id = <<admin_user_id>>;

  • i have used <<some future timestamp>> = 1999999998
  • <<admin_user_id>> - you can find your user id in the table admin_user

Also you can make the same job with help of some UI client: just edit expires column in admin_passwords table to 1999999998 (i suggest to change all lines to affect all users): db client

2) Clean your browser cache and coockie.

3) Login to Magento. Enjoy it!

Otherdirected answered 3/8, 2016 at 12:17 Comment(0)
J
23

Run commands in the magento root instead of changing to database:

Disable force password change and password lifetime

php bin/magento config:set admin/security/password_is_forced 0
php bin/magento config:set admin/security/password_lifetime 0

Reindex and Clean the cache

php bin/magento indexer:reindex
php bin/magento c:c
Juror answered 30/10, 2019 at 9:52 Comment(0)
O
7

Just run following sql query if path admin/security/password_is_forced exist

UPDATE `core_config_data` SET `value` = '0' WHERE `path` = 'admin/security/password_is_forced';

else

INSERT INTO `core_config_data` (`config_id`, `scope`, `scope_id`, `path`, `value`) VALUES (NULL, 'default', '0', 'admin/security/password_is_forced', '0');
Otto answered 2/4, 2018 at 10:17 Comment(0)
U
5

Here are the steps to fix this problem so it does not appear again.

  1. Update expires value in table admin_passwords Run bellow sql query in PhpMyAdmin:

    UPDATE admin_passwords SET expires = 1999999998 WHERE user_id = <<admin_user_id>>;

  2. change Password Change to Recommended in Stores > Configuration > ADVANCED > Admin > Security section

    See more detail at https://bestcodestore.com/magento-2-issue-time-change-password/

Upcountry answered 6/4, 2017 at 12:47 Comment(0)
O
4

1) Run this SQL script in your store db: UPDATE admin_passwords SET expires = <<some future timestamp>> WHERE user_id = <<admin_user_id>>;

  • i have used <<some future timestamp>> = 1999999998
  • <<admin_user_id>> - you can find your user id in the table admin_user

Also you can make the same job with help of some UI client: just edit expires column in admin_passwords table to 1999999998 (i suggest to change all lines to affect all users): db client

2) Clean your browser cache and coockie.

3) Login to Magento. Enjoy it!

Otherdirected answered 3/8, 2016 at 12:17 Comment(0)
G
2

Run below commands in the Magento root directory from CLI

php bin/magento config:set admin/security/password_is_forced 0
php bin/magento config:set admin/security/password_lifetime 0
php bin/magento cache:flush
Galan answered 12/6, 2021 at 9:22 Comment(0)
C
1

For anyone else who gets this after upgrading to Magento 2.4.3 or above. We had the same issue. Fix for us was:
Temporarily disable forced passwords

php bin/magento config:set admin/security/password_is_forced 0
php bin/magento cache:flush

In the MAP we had to go to: Stores > Config > Advanced | System > Security Set Max Session Size in Admin to 0 This gave a warning, but saved fine. Then flushed cache.

We could then re-enable force password change

php bin/magento config:set admin/security/password_is_forced 1

or Stores > Config > Advanced | Admin > Security Set Password Change to Forced Then flush cache.

Complicacy answered 23/11, 2021 at 20:46 Comment(0)
D
-1

I followed burzhuy's suggestion - but instead of running the script I opened the database table "admin_passwords" through phpMyAdmin. This table wasn't available in the early versions of Magento 2. If you have only very few users/admins, just chance the UNIX TimeStamp by copy/paste to something in the far future. There is a number of time stamp converters on the internet.

It's still necessary to clear browser cache and cookies after this database update. Works perfectly.

IMO this should only be recommended for developing purposes and goes rather against all password safety rules.

Draughts answered 12/11, 2016 at 13:21 Comment(1)
in general you did the same job as i described but, via UI.Otherdirected

© 2022 - 2024 — McMap. All rights reserved.