How to disable the backend password expiration procedure?

dmitry_fedyuk · May 24, 2017, 8:43am

Step 1. Change the expiration settings

As you can see i the article «How it the backend password expiration procedure implemented?», the backend passwords lifetime is stored in the admin/security/password_lifetime option value:

github.com

magento/magento2/blob/2.1.6/app/code/Magento/User/Model/Backend/Config/ObserverConfig.php#L64-L72


/**
 * Get admin password lifetime
 *
 * @return int
 */
public function getAdminPasswordLifetime()
{
    return 86400 * (int)$this->backendConfig->getValue('admin/security/password_lifetime');
}

So the simplest way to disable the backend password expiration procedure you need to set 0 to the admin/security/password_lifetime option.

0 works because of the code:

github.com

magento/magento2/blob/2.1.6/app/code/Magento/User/Model/Backend/Config/ObserverConfig.php#L38-L38


if (!isset($latestPassword['expires']) || $this->getAdminPasswordLifetime() == 0) {

Method 1. Using the backend web interface

«Advanced» → «Admin» → «Security» → «Password Lifetime (days)».

Method 2. Using Magento 2.2 console

The bin/magento config:set command is available since Magento 2.2:

bin/magento config:set admin/security/password_lifetime 0

Method 3. Using SQL

mysql --database=<your database> -e "\
	UPDATE core_config_data \
	SET value = 0 \
	WHERE 'admin/security/password_lifetime' = path \
";

Step 2. Delete the cache

bin/magento cache:clean