Reset customer passwords

Customers usually reset their passwords from the storefront by clicking Forgot Your Password?. However, the store administrator can initiate either a password reset or a forced sign-in from the Admin.

Function
Description
Reset Password
A password reset email is sent directly to the customer’s email account. The store administrator cannot gain access to the customer’s password.
Force Sign In
Revokes the OAuth access tokens that are associated with the customer account. This can be used only with customer accounts that have been assigned OAuth tokens, as part of a Web API integration. To learn more, see OAuth-based authentication in the developer documentation.

Standard customer accounts created from the storefront or from the Admin do not have OAuth tokens.

Reset a password from the storefront

  1. On the login page, the customer clicks Forgot Your Password?.

  2. When prompted, enters the Email Address that is associated with their account and clicks Reset My Password.

    img-md
    w-600 modal-image
    Forgot Your Password
    note info
    INFO
    If the entered email address matches the one that is associated with the account, the customer receives a Password Reset Confirmation email with a link to reset their password.
  3. When the email arrives, the customer clicks the reset password link and enters their New Password when prompted.

  4. Enters it again to confirm and clicks Reset Password.

    note important
    IMPORTANT
    The new password must be six or more characters in length without spaces. When they receive confirmation that the password is updated, they can use the new password to sign in to their account. By default, the reset password link is valid for 24 hours.

Reset a password from the Admin

  1. On the Admin sidebar, go to Customers > All Customers.

  2. Find the customer account in the grid and click Edit in the Action column.

  3. In the set of options across the top of the page, click Reset Password.

    The number of password reset requests that are allowed within an hour is set in the configuration topic.

Revoke a customer’s OAuth tokens

IMPORTANT
Do not proceed unless you have a full understanding of API Authentication.
  1. On the Admin sidebar, go to Customers > All Customers.

  2. Find the customer account in the grid and click Edit in the Action column.

  3. In the set of options across the top of the page, click Force Sign In.

  4. When prompted to confirm, click OK.

recommendation-more-help
09e7db7e-4210-474a-8bbf-c72a92c7537c