Magento 2 – invalidate all admin passwords
Recently I found a nice solution to invalidate all admin passwords of your Magento 2 shop. You can use it to make sure every admin sets a new password.
Magento 2 – invalidate all admin passwords
If your Magento online shop got hacked, you need to restore it. You may wipe your web space and restore your data from a save backup. This is a nice solution, but you forget about your database. What if a hacker created a new admin user? Your shop may still be endangered. Another risk may be a stolen admin password. It is possible that a hacker use social hacking and phone one of your employees and ask for a password.
Reset
To be sure every admin user is save, you need to reset all passwords. If you are developing a shop with many different stores, you may have a big number of admin users. To be sure, you may use this SQL statement to reset all passwords in database:
1 | UPDATE admin_user SET password = '--------'; |
If an admin user is now trying to login, he needs to set a new password:
Password reset is a common task with Magento 2. It is the same procedure as you may know from other web services. You can reset your password whenever you want, but with this small SQL statement it is possible to force this.
Conclusion
Resetting all admin passwords may be a good idea if you got hacked. It can also be done if you are unaware if an employee gave a password to someone else.