Skip to main content

What It Does

The Password Reset template displays when customers click “Forgot password?” link on login page and enter their email. This page allows customers to set a new password using a secure reset link emailed to them.
This is a static template section with no customizable settings. Password reset functionality is standard Shopify behavior. Customization requires code editing.

Template Content

Default Password Reset Form

Typical password reset page includes:
  • Heading - “Reset Password” or “Create New Password”
  • New password input (enter new password)
  • Confirm password input (re-enter new password for verification)
  • “Reset password” button
  • Success/error messages - Confirmation or validation errors

User Experience

Password reset flow:
  1. Customer clicks “Forgot password?” on login page
  2. Enters email, clicks “Submit”
  3. Receives password reset email (contains secure reset link)
  4. Clicks reset link in email
  5. Lands on password reset page (/account/reset/[token])
  6. Enters new password (twice for confirmation)
  7. Clicks “Reset password” button
  8. Password updated, customer logged in automatically
  9. Redirected to account dashboard

Best practices

Check Spam Folder

Password reset emails sometimes land in spam. Instruct customers to check spam/junk folders if email doesn’t arrive.

Password Requirements

Display password requirements (minimum 5 characters). Helps customers create valid passwords on first try.

Confirm Password Field

Require password entry twice (confirmation field). Reduces typo errors when setting new password.

Link Expiration

Reset links expire after 24 hours (Shopify default). Customers must request new link if expired.

Clear Instructions

Provide instructions on password reset page (“Enter new password below”). Reduces customer confusion.

Auto-Login After Reset

After successful reset, automatically log customer in. Eliminates extra login step.

Support Link

Include contact support link if customer can’t receive reset email. Provide alternative recovery method.

Security Best Practices

Don’t allow overly simple passwords (“12345”). Educate customers on strong passwords (mix letters/numbers/symbols).

Password Reset Process (Full Flow)

Step 1: Request Reset

Customer on login page:
  1. Clicks “Forgot password?” link
  2. Enters email address
  3. Clicks “Submit”
  4. Sees confirmation “Reset email sent”

Step 2: Email Sent

Shopify sends automated email:
  • Subject: “[Store Name] - Reset your password”
  • Contains secure reset link (unique token in URL)
  • Link expires in 24 hours
  • Sent from noreply@shopify.com (or custom email if configured)

Step 3: Reset Password

Customer clicks email link:
  1. Lands on password reset page (this template)
  2. Enters new password
  3. Re-enters password (confirmation)
  4. Clicks “Reset password”
  5. Password updated in database
  6. Customer logged in automatically
  7. Redirected to account dashboard

Step 4: Login with New Password

Future logins:
  • Customer uses email + new password
  • Old password no longer valid

Technical Notes

Security:
  • Reset link contains unique, cryptographically secure token
  • Token tied to specific customer account + email
  • Expires after 24 hours (can’t be reused after expiration)
  • One-time use (token invalidated after successful password reset)
URL structure: 
yourstore.com/account/reset/[unique-token]

Email Delivery

Reset email sent via:
  • Shopify’s transactional email system
  • Sent automatically upon reset request
  • From address: noreply@shopify.com (or custom sender if configured in Admin)
  • Can be customized: Admin → Settings → Notifications → Customer account password reset
If email not received:
  • Check spam/junk folder
  • Verify email address correct (typo in email entry)
  • Request new reset link (old link may have expired)
  • Check email provider not blocking Shopify emails

Password Requirements

Shopify minimum:
  • 5 characters minimum length
  • No complexity requirements (letters/numbers/symbols optional)
Recommendation:
  • Encourage 8+ characters
  • Mix uppercase, lowercase, numbers, symbols
  • Avoid common passwords (“password”, “12345”, etc.)

Auto-Login After Reset

After successful password reset:
  • Customer automatically logged in (session cookie created)
  • No need to manually log in with new password
  • Redirected to account dashboard
  • Password reset email link invalidated (can’t be reused)

Troubleshooting

Reset email not received:
  • Check spam/junk folder (most common issue)
  • Verify email address entered correctly (no typos)
  • Check email provider settings (some block automated emails)
  • Wait 5-10 minutes (email delivery can be delayed)
  • Request new reset link (via login page “Forgot password?” again)
Reset link expired:
  • Links expire after 24 hours (security measure)
  • Request new reset link from login page
  • Use new link within 24 hours
“Invalid token” error:
  • Reset link already used (one-time use only)
  • Link expired (24 hour limit)
  • Link malformed (email client may have broken URL)
  • Request new reset link
Password doesn’t meet requirements:
  • Ensure password at least 5 characters
  • Check no leading/trailing spaces
  • Try simple password first (e.g., “password123”), then update to stronger later
New password not working:
  • Hard refresh login page (Cmd/Ctrl+Shift+R)
  • Clear browser cookies, try again
  • Ensure using correct email (tied to reset link)
  • Request new password reset (may have been system error)
Customer can’t receive any emails from store:
  • Check customer’s email provider (Gmail, Outlook, etc.) settings
  • Verify email not in blocked senders list
  • Try alternative email address
  • Contact customer via phone/support (manual account recovery)

Key Takeaways

  • No template settings - Password reset page is standard Shopify, no customization options
  • Secure reset link - Emailed to customer, expires in 24 hours, one-time use
  • Minimum 5 characters - Shopify password requirement (encourage stronger)
  • Auto-login after reset - Customer logged in automatically upon successful password change
  • Check spam folder - Most common issue is reset email in spam/junk
  • Request new link if expired - Links expire after 24 hours (security)
  • One-time use - Reset link can’t be reused after successful password change
  • Customization via email templates - Customize reset email content in Admin → Notifications
For custom password reset email design or functionality, edit email templates in Shopify Admin → Settings → Notifications → Customer account password reset.