Magento 2 – Too many password reset requests error

You may discovered a “too many password reset request” error while working on a programmatically password reset option or if a customer complains why his password reset does not work. Magento has a validation to prevent not to send out mass password reset mails. This could effect your mail server rating and even worst to spam flags. You may discover, that Magentos validation is very strict and prevents you from testing.

Magento 2 – Too many password reset requests error

The good news: you can totally disable validation for outgoing password reset request mails. On you development system, that can be set. Please remember, this option is important for you live environment, so do not use this on a live shop!

Go to Stores -> Configuration -> Customer Configuration -> Password Options

You can set “Max Number of Password Reset Requests” to 0, which means endless. Normally this works. If your email or IP is already on a blacklist, you can totally disable this protection:

Just set “Password Reset Protection Type” to “None”. But remember to change that back on your live system. Otherwise you will be vulnerable by making your shop to a spam server.

Conclusion

I showed you how to react on “too many password reset requests” error. Magento 2 offers you many settings to adjust customer password projection things like protection type, maximum umber of requests and all know password reset mail templates, sender and period a recovery is valid. Please customize this with security in mind! Be careful not to open unnecessary vulnerabilities.