Solved: How to stop customers changing password

batman13 · ‎10-18-2019

I curently have a b2b site where I set the same password for each store. I'd like to disable "Change Password" on the account page so no one can change the password. Please see attached ss

https://ibb.co/M7ZSHyH

Magento 2.3.2 CE

Cheers.

KuafuSoft · ‎10-18-2019

several things need to be taken care of for this purpose and requires a custom module created

1, remove reset password link from customer account dashboard page

to remove the link we need to create a customer_account_index.xml file in your custom module to rewrite template file Magento_Customer::account/dashboard/info.phtml

<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" layout="2columns-left" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
    <body>
        <referenceContainer name="customer_account_dashboard_info">
             <action method="setTemplate">
                 <argument name="template" xsi:type="string">[Name_Space]_[Your_Module]::account/dashboard/info.phtml</argument>
             </action>
        </referenceContainer>
    </body>
</page>

then you can copy the magento template vendor/magento/module-customer/view/frontend/templates/account/dashboard/info.phtml to your own module and remove the reset password link in it.

A dirty hack if you don't want to rewrite template is to add a custom css rule to hide the link

.action.change-password {display:none;}

2, remove password reset checkbox from customer account editing page

similarly like in step1, we need to rewrite template vendor/magento/module-customer/view/frontend/templates/form/edit.phtml from customer_account_edit.xml layout to remove the reset password checkbox

3, remove the forgot password link from login page

again, rewrite template vendor/magento/module-customer/view/frontend/templates/form/login.phtml from customer_account_login.xml layout to remove the forgot password link

4, if you are worried about people bypassing frontend and sending password request directly to server, create a aroundChangePassword plugin for Magento\Customer\Api\AccountManagementInterface to not reset password and return a friendly message back to customer.

View solution in original post

Mukesh Tiwari · ‎10-18-2019

Hi @batman13

What is the use case for this requirement?

Do you provide a specific password to every user? If it is not a auto generated password which is sent to customer by email then it is not a good practice.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

batman13 · ‎10-18-2019

I set the same password for every store. I understand that it's not good practice.

Tarandeep Singh · ‎10-18-2019

@batman13There is no out of the shelf solution. I doubt there will be a extension which could be stopping customer to change their password.

Easy option could be just remove that change password link form the templates.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.

batman13 · ‎10-18-2019

Easy option could be just remove that change password link form the templates.

Where would this be exactly?

Thank you.

KuafuSoft · ‎10-18-2019

several things need to be taken care of for this purpose and requires a custom module created

1, remove reset password link from customer account dashboard page

to remove the link we need to create a customer_account_index.xml file in your custom module to rewrite template file Magento_Customer::account/dashboard/info.phtml

<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" layout="2columns-left" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
    <body>
        <referenceContainer name="customer_account_dashboard_info">
             <action method="setTemplate">
                 <argument name="template" xsi:type="string">[Name_Space]_[Your_Module]::account/dashboard/info.phtml</argument>
             </action>
        </referenceContainer>
    </body>
</page>

then you can copy the magento template vendor/magento/module-customer/view/frontend/templates/account/dashboard/info.phtml to your own module and remove the reset password link in it.

A dirty hack if you don't want to rewrite template is to add a custom css rule to hide the link

.action.change-password {display:none;}

2, remove password reset checkbox from customer account editing page

similarly like in step1, we need to rewrite template vendor/magento/module-customer/view/frontend/templates/form/edit.phtml from customer_account_edit.xml layout to remove the reset password checkbox

3, remove the forgot password link from login page

again, rewrite template vendor/magento/module-customer/view/frontend/templates/form/login.phtml from customer_account_login.xml layout to remove the forgot password link

4, if you are worried about people bypassing frontend and sending password request directly to server, create a aroundChangePassword plugin for Magento\Customer\Api\AccountManagementInterface to not reset password and return a friendly message back to customer.

randyruby · ‎04-25-2020

Is there a dirty hack to remove the forgot password link from login page

How to stop customers changing password

How to stop customers changing password

Re: How to stop customers changing password

Re: How to stop customers changing password

Re: How to stop customers changing password

Re: How to stop customers changing password

Re: How to stop customers changing password

Re: How to stop customers changing password

Re: How to stop customers changing password