By default, Magento 2 includes a security feature that periodically prompts administrators to update their passwords. While this setting is beneficial for live production environments, it can become inconvenient during development, testing, or staging work—especially when multiple logins are required.
If you’re seeing the “It’s time to change your password” message and want to disable it, this guide will walk you through two simple methods: updating the configuration via the Magento Admin Panel or using CLI commands.
Note: Disabling password expiration is not recommended for production environments, as it reduces admin-level security.
Why Does Magento Show This Prompt?
Magento’s Admin Security configuration includes a built-in password lifetime policy. When the defined number of days passes, administrators are required (or encouraged) to reset their password. This helps enhance account protection and prevent unauthorized access.
For development purposes, however, this feature can be safely turned off.
Method 1: Disable Password Expiration via Magento Admin Panel
If you have access to the Magento Admin Dashboard, follow these steps:
- Log in to the Magento Admin panel
- Go to:
Stores → Settings → Configuration - In the sidebar, expand Advanced → Admin
- Scroll to the Security section
- Locate the setting:
✔ Password Lifetime (days) — leave it blank to disable expiration
✔ Optionally, set Password Change to Recommended instead of Forced - Click Save Config
- Clear the Magento cache:
Navigate to:
System → Tools → Cache Management → Flush Magento Cache
After saving and refreshing the system cache, Magento will stop asking you to change your admin password.
Method 2: Disable Password Expiration Using CLI (SSH)
If you prefer working through the terminal or don’t have backend admin access, use the following steps:
- SSH into your server and navigate to your Magento root directory, the folder containing the
bin/magentofile. - Run the following commands to disable password expiration:
php bin/magento config:set admin/security/password_lifetime 0
php bin/magento config:set admin/security/password_is_forced 03. Clear cache to apply the changes:
php bin/magento cache:clean
php bin/magento cache:flushOnce complete, the forced password reset message will no longer appear.
Magento 2 includes robust security settings to ensure platform safety. However, the password reset prompt can interrupt workflow during development or testing. Using either the Admin Settings or CLI commands, you can quickly disable this feature and streamline admin login access.
If you need more Magento-related security customization or technical support, feel free to reach out.
You may also like,
Understanding The Different Cache Types In Magento 2.4.6: A Beginner’s Guide
How To Change The Admin Startup Page In Magento 2
DDEV Docker: How to change the project PHP version?
Quickly install the latest Magento 2.4.6 with Virtual Host(Opens in a new browser tab)
Leave a Comment